| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.11.2012, 00:45
| #1 |
 |  Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Hallo! Da meine Mutter einen Brief von der Telekom bekommen hat, dass ihr PC vom Zeus Online-Banking Trojaner befallen ist, hatte ich Angst, dass der evtl. bei mir auch über 'nen USB-Stick draufgekommen sein könnte und hab ein paar scans gemacht. Den hab ich dann (glaube ich) nicht gefunden, aber ein paar andere infizierte Dateien. Ich benutze Avast als Virusprogramm und mache scans mit Malwarebyte's Antimalware und SuperantiSpyware (hab leider keine alten scans). Die infizierten Dateien habe ich von Malwarebyte's Antimalware und SUPERAntiSpyware löschen lassen (siehe Logs), aber ich habe Angst, dass noch was im PC versteckt ist, und deshalb wäre es sehr schön, wenn sich mal ein Profi die logs angucken könnte (evtl. wurde der Zeus-Trojaner auch von den Programmen übersehen und schlummert noch auf meinem PC?). Wie in der Forenanleitung beschrieben hab ich alle nötigen logfiles erstellt. Malwarebyte's: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.14.06 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 8.0.6001.18702 jens :: DACHS [Administrator] 14.11.2012 20:54:55 mbam-log-2012-11-14 (22-01-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 343786 Laufzeit: 40 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt. Infizierte Dateien: 9 C:\Programme\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1057\A0197382.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1065\A0199035.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 11/14/2012 at 11:30 PM
Application Version : 5.6.1014
Core Rules Database Version : 9584
Trace Rules Database Version: 7396
Scan type : Complete Scan
Total Scan Time : 01:00:09
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 639
Memory threats detected : 0
Registry items scanned : 38303
Registry threats detected : 1
File items scanned : 41023
File threats detected : 1
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1078\A0201635.EXE
Code:
ATTFilter OTL logfile created on: 15.11.2012 00:03:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,09% Memory free 3,72 Gb Paging File | 3,24 Gb Available in Paging File | 86,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 67,05 Gb Total Space | 27,02 Gb Free Space | 40,29% Space Free | Partition Type: FAT32 Drive D: | 42,84 Gb Total Space | 7,65 Gb Free Space | 17,85% Space Free | Partition Type: FAT32 Computer Name: DACHS | User Name: jens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.14 23:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe PRC - [2012.11.14 22:24:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.08.21 11:12:26 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.06.07 17:34:34 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2008.04.14 04:23:06 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.14 11:43:32 | 000,069,632 | ---- | M] (ASUS) -- C:\WINDOWS\system32\ASUSTPE.exe PRC - [2006.10.14 05:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2006.06.08 20:33:02 | 000,053,248 | ---- | M] (ASUSTeK Computer INC.) -- C:\Programme\ASUS\ATK Media\DMedia.exe PRC - [2006.04.24 14:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe PRC - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 23:58:02 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012.11.14 23:57:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MOD - [2012.11.14 23:56:52 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll MOD - [2012.11.14 23:56:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.11.14 23:56:46 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.11.14 23:56:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2012.11.14 23:56:28 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2012.11.14 20:22:46 | 001,832,960 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12111401\algo.dll MOD - [2012.07.04 22:44:54 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\df9b91c72d00cad13abd00fe7f8d12cb\System.Windows.Forms.ni.dll MOD - [2012.07.04 22:25:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.05.09 20:33:18 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 20:24:18 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll MOD - [2012.05.09 20:24:18 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll MOD - [2012.05.09 20:19:46 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll MOD - [2012.05.09 20:19:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 20:18:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.09 20:18:32 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 20:18:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.09 20:13:58 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2012.05.09 20:13:56 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012.05.09 20:13:54 | 004,214,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2009.02.02 14:21:06 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.02 14:21:04 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.02.02 14:17:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll MOD - [2009.02.02 14:17:04 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll MOD - [2009.02.02 14:17:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll MOD - [2008.06.04 08:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll MOD - [2008.04.14 04:23:06 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE MOD - [2008.04.14 04:22:32 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll MOD - [2007.08.21 19:48:02 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2007.08.21 19:48:02 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2007.08.21 19:48:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2007.08.21 19:48:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2007.08.21 19:48:00 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2007.08.21 19:47:10 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:10 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2007.08.21 19:47:08 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:08 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2007.08.21 19:47:08 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:08 | 000,262,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard\2.0.2589.34628__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:08 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2007.08.21 19:47:08 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2007.08.21 19:47:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2007.08.21 19:47:06 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime\2.0.2589.34633__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2007.08.21 19:47:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2007.08.21 19:47:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2007.08.21 19:47:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2007.08.21 19:47:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2007.08.21 19:47:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2007.08.21 19:47:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2007.08.21 19:47:02 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2007.08.21 19:47:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.2560.25989__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2007.08.21 19:46:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2007.08.21 19:46:46 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2007.08.21 19:46:46 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2007.08.21 19:46:46 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll MOD - [2007.08.21 19:46:46 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2007.08.21 19:46:46 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2007.08.21 19:46:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2007.08.21 19:46:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2007.08.21 19:46:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2007.08.21 19:46:46 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2007.08.21 19:46:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll MOD - [2007.08.21 19:46:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll MOD - [2007.08.21 19:46:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2007.08.21 19:46:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.08.21 19:46:44 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll MOD - [2006.12.19 19:16:04 | 000,073,728 | ---- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2006.10.14 05:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe MOD - [2006.08.24 03:32:26 | 000,163,840 | ---- | M] () -- C:\WINDOWS\ATK0100\ASUSNet.dll MOD - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe MOD - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe MOD - [2004.05.27 22:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Unknown] -- -- (Avgatuvtv) SRV - [2012.11.14 22:24:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2012.10.30 17:10:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.21 11:12:26 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.07 17:34:34 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.08.09 04:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc.exe -- (Samsung UPD Service) SRV - [2007.08.31 12:28:30 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006.04.24 14:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl9753d9dd.sys -- (MpKsl9753d9dd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.08.21 11:13:16 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:16 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:16 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.08.21 11:13:14 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:14 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.06.07 17:25:22 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2012.06.07 17:24:24 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2012.06.07 17:24:24 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2011.07.22 18:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010.05.01 12:19:20 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010.05.01 12:19:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.09 22:32:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2007.09.20 20:54:12 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2007.02.02 02:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.11.02 20:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.10.12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006.08.29 19:10:34 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2006.08.13 23:40:24 | 000,027,776 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl02_xp.sys -- (AtcL002) DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) DRV - [2006.03.21 10:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2006.01.24 10:45:56 | 000,034,944 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio) DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2004.05.27 22:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {A107B17A-F519-479A-BD44-DFF58D6ADEA1} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{A107B17A-F519-479A-BD44-DFF58D6ADEA1}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2011.06.01 14:24:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.27 19:05:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.27 19:05:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 17:10:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.30 17:10:18 | 000,000,000 | ---D | M] [2010.05.07 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Extensions [2010.05.11 15:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.07 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions [2010.05.12 16:05:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.15 22:23:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.25 20:04:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.27 19:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 19:05:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.27 19:06:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.04.21 12:16:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.14 20:24:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2011.10.14 20:24:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.14 20:24:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.14 20:24:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.14 20:24:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 11:48:28 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2010.07.06 22:38:10 | 000,408,513 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14125 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe () O4 - HKCU..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (ASUS) O4 - HKCU..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\RunServices: [ComponentPrivate] c:\programme\ati technologies\ati.ace\core-implementation\pt-br\erecordhotkeymanager.exe File not found O4 - HKLM..\RunServices: [resourcesDataSetExtensions] c:\programme\reference assemblies\microsoft\framework\v3.5\de\resourcessystem.exe File not found O4 - HKLM..\RunServices: [SAUpdateSUPERAntiSpyware] c:\dokume~1\jens\lokale~1\temp\bdbd.exe File not found O4 - HKLM..\RunServices: [WizardAdobe] c:\programme\adobe\acrobat 7.0\reader\plug_ins\picturetasks\ols\acrobatadobe.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341433066625 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341433002265 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6597E0-51FE-4062-8C69-0C07D8985091}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.08.21 19:11:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{05abfdca-f08d-11de-a91e-001d6041a400}\Shell\AutoRun\command - "" = H:\Menu.exe O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell - "" = AutoRun O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe PSYCHOLOGIE_1.vbs O33 - MountPoints2\{f0b08b74-e7f7-11dc-a519-001bfc94372b}\Shell\AutoRun\command - "" = H:\wdsync.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 23:53:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe [2012.11.14 23:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.11.14 20:50:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\jens\Recent [2012.10.30 17:10:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.27 19:05:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2008.11.22 15:11:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.sys [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.14 23:57:04 | 000,467,830 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.14 23:57:04 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.14 23:57:04 | 000,088,846 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.14 23:57:04 | 000,074,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.14 23:56:36 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe [2012.11.14 23:54:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.14 23:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe [2012.11.14 23:52:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.14 23:50:50 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.14 23:48:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2012.11.14 23:48:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.14 23:48:30 | 2012,467,200 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 23:46:28 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\defogger_reenable [2012.11.14 23:46:00 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\Defogger.exe [2012.11.14 22:06:50 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe [2012.11.14 19:45:54 | 000,050,774 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\00_Syllabus_2012_11_14.pdf [2012.11.12 16:54:06 | 000,049,664 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.07 22:14:44 | 000,059,359 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\eichel.pdf [2012.11.05 10:27:38 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini [2012.11.01 18:46:54 | 000,000,515 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\Planung.lnk [2012.10.28 09:57:28 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.26 18:15:12 | 000,058,775 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\AngemeldeteInabschluss272a982c-a3aa-4cd8-8156-cd3c3458e771.pdf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.14 23:56:38 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe [2012.11.14 23:54:36 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.11.14 23:46:16 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\defogger_reenable [2012.11.14 23:45:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\Defogger.exe [2012.11.14 22:06:48 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe [2012.11.14 19:45:55 | 000,050,774 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\00_Syllabus_2012_11_14.pdf [2012.11.07 22:16:27 | 000,059,359 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\eichel.pdf [2012.11.01 18:46:53 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\Planung.lnk [2012.10.26 18:15:12 | 000,058,775 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\AngemeldeteInabschluss272a982c-a3aa-4cd8-8156-cd3c3458e771.pdf [2012.03.06 22:10:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.19 12:50:21 | 000,039,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.10.06 11:43:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll [2011.10.06 11:43:11 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll [2011.10.06 11:43:11 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe [2011.10.06 11:43:09 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe [2011.03.12 15:54:59 | 000,001,048 | ---- | C] () -- C:\WINDOWS\Aeditor.INI [2011.03.12 15:36:31 | 000,000,681 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2011.03.07 18:37:05 | 000,000,130 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\webct_upload_applet.properties [2009.12.27 17:06:11 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\PnkBstrK.sys [2008.12.19 01:30:46 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\JavaMediaPlayer_audiolevel.cfg [2008.11.22 15:11:53 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\vso_ts_preview.xml [2008.11.22 15:11:26 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\inst.exe [2008.11.22 15:11:26 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.cat [2008.11.22 15:11:26 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.inf [2008.10.07 22:03:47 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2008.03.05 19:14:33 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.09.01 16:32:29 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.31 11:25:34 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ========== ZeroAccess Check ========== [2007.08.21 19:43:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.05.11 21:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.05.11 21:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2009.11.20 16:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.05.05 21:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.05.05 23:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.07.06 22:56:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2011.01.01 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.04.06 14:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2012.06.02 11:38:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERSetup [2012.09.16 18:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2007.09.14 22:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Azureus [2007.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Teleca [2008.05.11 21:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Ulead Systems [2008.10.07 22:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Thunderbird [2008.11.22 15:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Vso [2010.10.15 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.10.24 15:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\OpenOffice.org [2012.10.14 13:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Foxit Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.11.2012 00:03:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,09% Memory free
3,72 Gb Paging File | 3,24 Gb Available in Paging File | 86,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,05 Gb Total Space | 27,02 Gb Free Space | 40,29% Space Free | Partition Type: FAT32
Drive D: | 42,84 Gb Total Space | 7,65 Gb Free Space | 17,85% Space Free | Partition Type: FAT32
Computer Name: DACHS | User Name: jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\BlobbyVolley\volley.exe" = C:\Programme\BlobbyVolley\volley.exe:*:Enabled:volley -- ()
"C:\Programme\Java\jre1.6.0_02\BIN\javaw.exe" = C:\Programme\Java\jre1.6.0_02\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Programme\Counter-Strike\cstrike.exe" = C:\Programme\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher -- (Valve, L.L.C.)
"C:\Programme\TF2\hl2.exe" = C:\Programme\TF2\hl2.exe:*:Enabled:hl2
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\Starcraft\StarCraft.exe" = C:\Programme\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Programme\Mozilla Firefox\FIREFOX.EXE" = C:\Programme\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\System32\SUPDSvc.exe" = C:\WINDOWS\System32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Steam\steamapps\jenseman@giga4u.de\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\jenseman@giga4u.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Diablo II" = Diablo II
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Blender" = PDF Blender
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Actualizar Modem Instanet 4G" = Actualizar Modem Instanet 4G
"Skat-Online V6" = Skat-Online V6
"Skat-Online V7" = Skat-Online V7
"Steam App 10" = Counter-Strike
"Sweet Home 3D - Java 3D 1.3" = Sweet Home 3D - Java 3D 1.3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.07.2012 16:42:46 | Computer Name = DACHS | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst ASP.NET_2.0.50727 (ASP.NET_2.0.50727). Der Fehlercode ist das erste DWORD
im Datenbereich.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige Indexwert
ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die
zweiten und dritten DWORD im Datenbereich sind.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige Indexwert
ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die
zweiten und dritten DWORD im Datenbereich sind.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst aspnet_state (ASP.NET-Zustandsdienst). Der Fehlercode ist das erste DWORD
im Datenbereich.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige Indexwert
ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die
zweiten und dritten DWORD im Datenbereich sind.
Error - 05.07.2012 01:42:39 | Computer Name = DACHS | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 13.07.2012 13:25:42 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 16.07.2012 03:56:29 | Computer Name = DACHS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 13.0.1.4548,
fehlgeschlagenes Modul foxitr~1.ocx, Version 1.0.1.224, Fehleradresse 0x000268d1.
Error - 18.07.2012 02:38:47 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 27.07.2012 07:31:17 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.11.2012 11:49:08 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 12.11.2012 18:51:29 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 13.11.2012 03:48:43 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 13.11.2012 12:56:12 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 13:16:32 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 17:21:45 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 17:26:32 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 18:36:09 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 18:47:28 | Computer Name = DACHS | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 14.11.2012 18:50:44 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ System Events ]
Error - 02.11.2012 13:54:59 | Computer Name = DACHS | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 02.11.2012 13:55:04 | Computer Name = DACHS | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 08.11.2012 05:14:39 | Computer Name = DACHS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.150 für die Netzwerkkarte mit der Netzwerkadresse
001BFC94372B wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 08.11.2012 12:12:17 | Computer Name = DACHS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.199.8.22 für die Netzwerkkarte mit der Netzwerkadresse
001BFC94372B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 09.11.2012 15:01:36 | Computer Name = DACHS | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 001BFC94372B zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 14.11.2012 17:20:58 | Computer Name = DACHS | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
< End of report >
Ich hoffe, ich habe alle nötigen Infos gepostet! Viele Grüße |
|
15.11.2012, 00:47
| #2 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Und hier noch der Gmer-Log.
__________________ Gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 00:23:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.ALC
Running: jx0d6i8l.exe; Driver: C:\DOKUME~1\jens\LOKALE~1\Temp\kxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAF08E708]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAF08F11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAF0D0401]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAF099F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAF099F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAF09A0F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAF0CFDB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAF099E96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAF099FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAF099EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAF08F310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAF09A0B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAF08FA9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAF08E756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAF0D0AC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAF0D0D7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAF0930E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAF0D0932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAF0D079D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAF08E3BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAF08E7A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAF093456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAF090464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAF099F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAF099F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAF09A11A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAF0D0111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAF099EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAF092C5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAF09A03A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAF099F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAF092E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAF09A0D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAF0D0618]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAF090330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAF0D046A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAF08FEDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAF14530E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAF0CF428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAF08E7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAF08E840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAF08F91C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAF08E448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAF08E5F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAF0D0BCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAF08E59E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAF08FBFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAF08FD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAF08E668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAF08F632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAF08F794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAF08E88E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAF08F160]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAF151966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [F2, E7, 08, AF, 40, E8, 08, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [FE, FB, 08, AF, 5A, FD, 08, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 300C 80504904 4 Bytes CALL B390F811
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL AF090AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP AF14E806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP AF150320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP AF15196A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP AF094A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP AF09495E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP AF094918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP AF093FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP AF0936E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP AF094BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP AF094DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP AF09481E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP AF0935AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP AF09408C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP AF093B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP AF093E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP AF093592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP AF0949A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 362A BF873207 5 Bytes JMP AF093C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4167 BF873D44 5 Bytes JMP AF093DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E3F 5 Bytes JMP AF0940A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943E9 5 Bytes JMP AF094B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EC1 5 Bytes JMP AF094D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C276 5 Bytes JMP AF093FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D80B 5 Bytes JMP AF093756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A96F BF8C1C9C 5 Bytes JMP AF093866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA12D 5 Bytes JMP AF09393E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3AD 5 Bytes JMP AF093A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD41 5 Bytes JMP AF09348C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB49 BF8F4D5C 5 Bytes JMP AF093FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF9143A8 5 Bytes JMP AF093682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914F7C 5 Bytes JMP AF093812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF9178F5 5 Bytes JMP AF093F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947A54 5 Bytes JMP AF094C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAC762300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA448300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Java\jre6\bin\jqs.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre6\bin\jqs.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[304] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[400] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[416] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[540] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ATK0100\HControl.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\ATK0100\HControl.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\ASUS\ATK Media\DMEDIA.EXE[1556] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ASUS\ATK Media\DMEDIA.EXE[1556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Wireless Console 2\wcourier.exe[1568] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Wireless Console 2\wcourier.exe[1568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1696] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\SUPERAntiSpyware\SASCORE.EXE[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\SUPERAntiSpyware\SASCORE.EXE[1864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1888] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Bonjour\mDNSResponder.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Bonjour\mDNSResponder.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\iTunes\iTunesHelper.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\iTunes\iTunesHelper.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ASUSTPE.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ASUSTPE.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\iPod\bin\iPodService.exe[3220] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\iPod\bin\iPodService.exe[3220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe[3268] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe[3268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4072] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x07 0x05 0x98 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x13 0x45 0x61 0xE3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x56 0x4F 0x9B 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x07 0x05 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x13 0x45 0x61 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x56 0x4F 0x9B 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x07 0x05 0x98 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x13 0x45 0x61 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4B 0x49 0x9C 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x07 0x05 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x13 0x45 0x61 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x56 0x4F 0x9B 0xA2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x07 0x05 0x98 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x13 0x45 0x61 0xE3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x56 0x4F 0x9B 0xA2 ...
---- EOF - GMER 1.0.15 ----
|
|
17.11.2012, 15:04
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
17.11.2012, 15:29
| #4 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Vielen vielen Dank für die Hilfe! Hier sind die Reports (gelöscht habe ich noch nichts): aswMBR Report Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 15:15:38
-----------------------------
15:15:38.390 OS Version: Windows 5.1.2600 Service Pack 3
15:15:38.390 Number of processors: 2 586 0xE0C
15:15:38.390 ComputerName: DACHS UserName: jens
15:15:39.156 Initialize success
15:15:43.171 AVAST engine defs: 12111700
15:16:46.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:16:46.656 Disk 0 Vendor: ST9120822AS 3.ALC Size: 114473MB BusType: 3
15:16:46.687 Disk 0 MBR read successfully
15:16:46.687 Disk 0 MBR scan
15:16:46.687 Disk 0 Windows XP default MBR code
15:16:46.687 Disk 0 Partition 1 00 1B Hidd FAT32 MSWIN4.1 1906 MB offset 63
15:16:46.703 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 68676 MB offset 3903795
15:16:46.703 Disk 0 Partition - 00 0F Extended LBA 43888 MB offset 144552870
15:16:46.718 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 43888 MB offset 144552933
15:16:46.734 Disk 0 scanning sectors +234436545
15:16:46.750 Disk 0 scanning C:\WINDOWS\system32\drivers
15:16:53.359 Service scanning
15:17:03.734 Modules scanning
15:17:09.250 Disk 0 trace - called modules:
15:17:09.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:17:09.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8f9ab8]
15:17:09.265 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8a97e768]
15:17:09.265 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a96ad50]
15:17:09.625 AVAST engine scan C:\WINDOWS
15:17:21.109 AVAST engine scan C:\WINDOWS\system32
15:19:46.312 AVAST engine scan C:\WINDOWS\system32\drivers
15:19:57.500 AVAST engine scan C:\Dokumente und Einstellungen\jens
15:21:49.031 AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:22:17.000 Scan finished successfully
15:22:26.500 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\MBR.dat"
15:22:26.500 The log file has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\aswMBR.txt"
Code:
ATTFilter 15:24:12.0375 1404 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:24:12.0531 1404 ============================================================
15:24:12.0531 1404 Current date / time: 2012/11/17 15:24:12.0531
15:24:12.0531 1404 SystemInfo:
15:24:12.0531 1404
15:24:12.0531 1404 OS Version: 5.1.2600 ServicePack: 3.0
15:24:12.0531 1404 Product type: Workstation
15:24:12.0531 1404 ComputerName: DACHS
15:24:12.0531 1404 UserName: jens
15:24:12.0531 1404 Windows directory: C:\WINDOWS
15:24:12.0531 1404 System windows directory: C:\WINDOWS
15:24:12.0531 1404 Processor architecture: Intel x86
15:24:12.0531 1404 Number of processors: 2
15:24:12.0531 1404 Page size: 0x1000
15:24:12.0531 1404 Boot type: Normal boot
15:24:12.0531 1404 ============================================================
15:24:13.0421 1404 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:24:13.0484 1404 ============================================================
15:24:13.0484 1404 \Device\Harddisk0\DR0:
15:24:13.0484 1404 MBR partitions:
15:24:13.0484 1404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
15:24:13.0500 1404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
15:24:13.0500 1404 ============================================================
15:24:13.0515 1404 C: <-> \Device\Harddisk0\DR0\Partition1
15:24:13.0531 1404 D: <-> \Device\Harddisk0\DR0\Partition2
15:24:13.0531 1404 ============================================================
15:24:13.0531 1404 Initialize success
15:24:13.0531 1404 ============================================================
15:24:51.0031 0168 ============================================================
15:24:51.0031 0168 Scan started
15:24:51.0031 0168 Mode: Manual; SigCheck; TDLFS;
15:24:51.0031 0168 ============================================================
15:24:51.0406 0168 ================ Scan system memory ========================
15:24:51.0406 0168 System memory - ok
15:24:51.0406 0168 ================ Scan services =============================
15:24:51.0531 0168 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Programme\SUPERAntiSpyware\SASCORE.EXE
15:24:51.0656 0168 !SASCORE - ok
15:24:51.0734 0168 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
15:24:52.0062 0168 Aavmker4 - ok
15:24:52.0078 0168 Abiosdsk - ok
15:24:52.0078 0168 abp480n5 - ok
15:24:52.0156 0168 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:24:52.0375 0168 ACPI - ok
15:24:52.0390 0168 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:24:52.0531 0168 ACPIEC - ok
15:24:52.0593 0168 [ E850B0A94E8703CCBC980B31594DC408 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
15:24:52.0609 0168 acsint - ok
15:24:52.0656 0168 [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
15:24:52.0671 0168 acsmux - ok
15:24:52.0718 0168 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
15:24:52.0734 0168 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0734 0168 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:24:52.0734 0168 adpu160m - ok
15:24:52.0781 0168 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:24:52.0906 0168 aec - ok
15:24:52.0953 0168 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:24:52.0984 0168 AegisP ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0984 0168 AegisP - detected UnsignedFile.Multi.Generic (1)
15:24:53.0000 0168 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:24:53.0078 0168 AFD - ok
15:24:53.0078 0168 Aha154x - ok
15:24:53.0093 0168 aic78u2 - ok
15:24:53.0093 0168 aic78xx - ok
15:24:53.0156 0168 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:24:53.0281 0168 Alerter - ok
15:24:53.0343 0168 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
15:24:53.0453 0168 ALG - ok
15:24:53.0468 0168 AliIde - ok
15:24:53.0484 0168 amsint - ok
15:24:53.0562 0168 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:24:53.0578 0168 Apple Mobile Device - ok
15:24:53.0640 0168 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:24:53.0796 0168 AppMgmt - ok
15:24:53.0812 0168 asc - ok
15:24:53.0812 0168 asc3350p - ok
15:24:53.0828 0168 asc3550 - ok
15:24:53.0890 0168 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\ATK0100\ASNDIS5.SYS
15:24:53.0906 0168 ASNDIS5 - ok
15:24:53.0984 0168 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:24:54.0000 0168 aspnet_state - ok
15:24:54.0031 0168 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:24:54.0046 0168 aswFsBlk - ok
15:24:54.0062 0168 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
15:24:54.0078 0168 aswMon2 - ok
15:24:54.0109 0168 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
15:24:54.0125 0168 aswRdr - ok
15:24:54.0187 0168 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
15:24:54.0218 0168 aswSnx - ok
15:24:54.0250 0168 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
15:24:54.0281 0168 aswSP - ok
15:24:54.0296 0168 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
15:24:54.0312 0168 aswTdi - ok
15:24:54.0375 0168 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:24:54.0500 0168 AsyncMac - ok
15:24:54.0531 0168 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:24:54.0640 0168 atapi - ok
15:24:54.0687 0168 [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002 C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
15:24:54.0734 0168 AtcL002 - ok
15:24:54.0734 0168 Atdisk - ok
15:24:54.0859 0168 [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:24:54.0937 0168 Ati HotKey Poller - ok
15:24:55.0046 0168 [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:24:55.0187 0168 ati2mtag - ok
15:24:55.0296 0168 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:24:55.0328 0168 atksgt - ok
15:24:55.0359 0168 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:24:55.0484 0168 Atmarpc - ok
15:24:55.0625 0168 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:24:55.0765 0168 AudioSrv - ok
15:24:55.0796 0168 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:24:55.0921 0168 audstub - ok
15:24:56.0031 0168 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
15:24:56.0046 0168 avast! Antivirus - ok
15:24:56.0093 0168 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:24:56.0156 0168 BCM43XX - ok
15:24:56.0187 0168 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:24:56.0312 0168 Beep - ok
15:24:56.0375 0168 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
15:24:56.0500 0168 BITS - ok
15:24:56.0578 0168 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
15:24:56.0609 0168 Bonjour Service - ok
15:24:56.0671 0168 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
15:24:56.0734 0168 Browser - ok
15:24:56.0765 0168 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:24:57.0328 0168 cbidf2k - ok
15:24:57.0390 0168 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:24:57.0500 0168 CCDECODE - ok
15:24:57.0515 0168 cd20xrnt - ok
15:24:57.0531 0168 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:24:57.0671 0168 Cdaudio - ok
15:24:57.0703 0168 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:24:57.0812 0168 Cdfs - ok
15:24:57.0843 0168 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:24:57.0953 0168 Cdrom - ok
15:24:57.0953 0168 Changer - ok
15:24:58.0046 0168 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:24:58.0171 0168 CiSvc - ok
15:24:58.0234 0168 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:24:58.0343 0168 ClipSrv - ok
15:24:58.0421 0168 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:24:58.0437 0168 clr_optimization_v2.0.50727_32 - ok
15:24:58.0468 0168 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:24:58.0593 0168 CmBatt - ok
15:24:58.0609 0168 CmdIde - ok
15:24:58.0625 0168 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:24:58.0750 0168 Compbatt - ok
15:24:58.0796 0168 COMSysApp - ok
15:24:58.0812 0168 Cpqarray - ok
15:24:58.0906 0168 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:24:59.0046 0168 CryptSvc - ok
15:24:59.0062 0168 dac2w2k - ok
15:24:59.0078 0168 dac960nt - ok
15:24:59.0140 0168 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:24:59.0218 0168 DcomLaunch - ok
15:24:59.0281 0168 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:24:59.0406 0168 Dhcp - ok
15:24:59.0437 0168 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:24:59.0546 0168 Disk - ok
15:24:59.0593 0168 dmadmin - ok
15:24:59.0671 0168 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:24:59.0796 0168 dmboot - ok
15:24:59.0812 0168 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:24:59.0937 0168 dmio - ok
15:24:59.0953 0168 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:25:00.0062 0168 dmload - ok
15:25:00.0109 0168 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:25:00.0234 0168 dmserver - ok
15:25:00.0265 0168 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:25:00.0406 0168 DMusic - ok
15:25:00.0468 0168 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:25:00.0515 0168 Dnscache - ok
15:25:00.0609 0168 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:25:00.0734 0168 Dot3svc - ok
15:25:00.0750 0168 dpti2o - ok
15:25:00.0781 0168 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:25:00.0890 0168 drmkaud - ok
15:25:00.0937 0168 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:25:01.0062 0168 EapHost - ok
15:25:01.0140 0168 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:25:01.0265 0168 ERSvc - ok
15:25:01.0328 0168 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
15:25:01.0359 0168 Eventlog - ok
15:25:01.0421 0168 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
15:25:01.0468 0168 EventSystem - ok
15:25:01.0500 0168 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:25:01.0609 0168 Fastfat - ok
15:25:01.0640 0168 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:25:01.0687 0168 FastUserSwitchingCompatibility - ok
15:25:01.0718 0168 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:25:01.0828 0168 Fdc - ok
15:25:01.0843 0168 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:25:01.0968 0168 Fips - ok
15:25:02.0000 0168 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:25:02.0125 0168 Flpydisk - ok
15:25:02.0156 0168 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:25:02.0281 0168 FltMgr - ok
15:25:02.0390 0168 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:25:02.0406 0168 FontCache3.0.0.0 - ok
15:25:02.0437 0168 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:25:02.0578 0168 Fs_Rec - ok
15:25:02.0593 0168 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:25:02.0718 0168 Ftdisk - ok
15:25:02.0750 0168 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:25:02.0765 0168 GEARAspiWDM - ok
15:25:02.0812 0168 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
15:25:02.0828 0168 giveio ( UnsignedFile.Multi.Generic ) - warning
15:25:02.0828 0168 giveio - detected UnsignedFile.Multi.Generic (1)
15:25:02.0859 0168 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:25:02.0984 0168 Gpc - ok
15:25:03.0015 0168 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:25:03.0140 0168 HDAudBus - ok
15:25:03.0187 0168 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:25:03.0312 0168 helpsvc - ok
15:25:03.0343 0168 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
15:25:03.0468 0168 HidServ - ok
15:25:03.0500 0168 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:25:03.0625 0168 HidUsb - ok
15:25:03.0703 0168 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:25:03.0828 0168 hkmsvc - ok
15:25:03.0828 0168 hpn - ok
15:25:03.0890 0168 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:25:03.0937 0168 HTTP - ok
15:25:04.0000 0168 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:25:04.0125 0168 HTTPFilter - ok
15:25:04.0156 0168 i2omgmt - ok
15:25:04.0156 0168 i2omp - ok
15:25:04.0187 0168 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:25:04.0312 0168 i8042prt - ok
15:25:04.0375 0168 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:25:04.0390 0168 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:25:04.0390 0168 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:25:04.0468 0168 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:04.0515 0168 idsvc - ok
15:25:04.0562 0168 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:25:04.0687 0168 Imapi - ok
15:25:04.0750 0168 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
15:25:04.0859 0168 ImapiService - ok
15:25:04.0875 0168 ini910u - ok
15:25:05.0078 0168 [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:25:05.0343 0168 IntcAzAudAddService - ok
15:25:05.0390 0168 IntelIde - ok
15:25:05.0421 0168 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:25:05.0562 0168 intelppm - ok
15:25:05.0593 0168 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:25:05.0703 0168 Ip6Fw - ok
15:25:05.0734 0168 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:25:05.0859 0168 IpFilterDriver - ok
15:25:05.0906 0168 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:25:06.0031 0168 IpInIp - ok
15:25:06.0078 0168 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:25:06.0203 0168 IpNat - ok
15:25:06.0328 0168 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
15:25:06.0359 0168 iPod Service - ok
15:25:06.0390 0168 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:25:06.0515 0168 IPSec - ok
15:25:06.0546 0168 [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio C:\WINDOWS\system32\DRIVERS\ipswuio.sys
15:25:06.0562 0168 ipswuio ( UnsignedFile.Multi.Generic ) - warning
15:25:06.0562 0168 ipswuio - detected UnsignedFile.Multi.Generic (1)
15:25:06.0593 0168 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:25:06.0718 0168 IRENUM - ok
15:25:06.0765 0168 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:25:06.0875 0168 isapnp - ok
15:25:06.0968 0168 [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
15:25:07.0031 0168 JavaQuickStarterService - ok
15:25:07.0062 0168 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:25:07.0187 0168 Kbdclass - ok
15:25:07.0218 0168 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:25:07.0343 0168 kbdhid - ok
15:25:07.0390 0168 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:25:07.0500 0168 kmixer - ok
15:25:07.0828 0168 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:25:07.0968 0168 KSecDD - ok
15:25:08.0546 0168 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:25:08.0625 0168 lanmanserver - ok
15:25:09.0359 0168 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:25:09.0406 0168 lanmanworkstation - ok
15:25:09.0421 0168 lbrtfdc - ok
15:25:09.0500 0168 [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
15:25:09.0515 0168 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:25:09.0515 0168 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:25:09.0562 0168 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:25:09.0578 0168 lirsgt - ok
15:25:09.0625 0168 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:25:09.0765 0168 LmHosts - ok
15:25:09.0796 0168 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
15:25:09.0812 0168 LVUSBSta - ok
15:25:09.0875 0168 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:25:10.0000 0168 Messenger - ok
15:25:10.0031 0168 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:25:10.0156 0168 mnmdd - ok
15:25:10.0203 0168 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:25:10.0328 0168 mnmsrvc - ok
15:25:10.0343 0168 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:25:10.0468 0168 Modem - ok
15:25:10.0484 0168 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:25:10.0609 0168 MODEMCSA - ok
15:25:10.0640 0168 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:25:10.0765 0168 Mouclass - ok
15:25:10.0796 0168 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:25:10.0937 0168 mouhid - ok
15:25:10.0968 0168 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:25:11.0062 0168 MountMgr - ok
15:25:11.0140 0168 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:25:11.0156 0168 MozillaMaintenance - ok
15:25:11.0234 0168 MpKsl9753d9dd - ok
15:25:11.0250 0168 mraid35x - ok
15:25:11.0281 0168 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:25:11.0406 0168 MRxDAV - ok
15:25:11.0453 0168 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:25:11.0546 0168 MRxSmb - ok
15:25:11.0593 0168 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:25:11.0734 0168 MSDTC - ok
15:25:11.0750 0168 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:25:11.0875 0168 Msfs - ok
15:25:11.0906 0168 MSIServer - ok
15:25:11.0953 0168 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:25:12.0078 0168 MSKSSRV - ok
15:25:12.0109 0168 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:25:12.0218 0168 MSPCLOCK - ok
15:25:12.0234 0168 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:25:12.0359 0168 MSPQM - ok
15:25:12.0375 0168 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:25:12.0484 0168 mssmbios - ok
15:25:12.0500 0168 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:25:12.0625 0168 MSTEE - ok
15:25:12.0656 0168 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
15:25:12.0671 0168 MTsensor - ok
15:25:12.0703 0168 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:25:12.0750 0168 Mup - ok
15:25:12.0781 0168 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:25:12.0906 0168 NABTSFEC - ok
15:25:12.0984 0168 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
15:25:13.0109 0168 napagent - ok
15:25:13.0140 0168 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:25:13.0265 0168 NDIS - ok
15:25:13.0281 0168 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:25:13.0406 0168 NdisIP - ok
15:25:13.0453 0168 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:25:13.0484 0168 NdisTapi - ok
15:25:13.0531 0168 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:25:13.0656 0168 Ndisuio - ok
15:25:13.0703 0168 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:25:13.0812 0168 NdisWan - ok
15:25:13.0843 0168 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:25:13.0906 0168 NDProxy - ok
15:25:13.0921 0168 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:25:14.0046 0168 NetBIOS - ok
15:25:14.0078 0168 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\NETBT.SYS
15:25:14.0203 0168 NetBT - ok
15:25:14.0265 0168 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
15:25:14.0375 0168 NetDDE - ok
15:25:14.0375 0168 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:25:14.0484 0168 NetDDEdsdm - ok
15:25:14.0593 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:25:14.0718 0168 Netlogon - ok
15:25:14.0796 0168 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
15:25:15.0046 0168 Netman - ok
15:25:15.0156 0168 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:15.0171 0168 NetTcpPortSharing - ok
15:25:15.0218 0168 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
15:25:15.0265 0168 Nla - ok
15:25:15.0281 0168 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:25:15.0390 0168 Npfs - ok
15:25:15.0484 0168 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:15.0656 0168 Ntfs - ok
15:25:15.0687 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:25:15.0796 0168 NtLmSsp - ok
15:25:15.0968 0168 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:25:16.0093 0168 NtmsSvc - ok
15:25:16.0140 0168 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:25:16.0250 0168 Null - ok
15:25:16.0281 0168 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:25:16.0421 0168 NwlnkFlt - ok
15:25:16.0421 0168 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:25:16.0562 0168 NwlnkFwd - ok
15:25:16.0593 0168 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
15:25:16.0718 0168 Parport - ok
15:25:16.0750 0168 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:25:16.0859 0168 PartMgr - ok
15:25:16.0875 0168 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:25:17.0000 0168 ParVdm - ok
15:25:17.0031 0168 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:25:17.0140 0168 PCI - ok
15:25:17.0156 0168 PCIDump - ok
15:25:17.0156 0168 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:25:17.0296 0168 PCIIde - ok
15:25:17.0328 0168 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:25:17.0453 0168 Pcmcia - ok
15:25:17.0484 0168 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
15:25:17.0484 0168 pcouffin ( UnsignedFile.Multi.Generic ) - warning
15:25:17.0484 0168 pcouffin - detected UnsignedFile.Multi.Generic (1)
15:25:17.0500 0168 PDCOMP - ok
15:25:17.0515 0168 PDFRAME - ok
15:25:17.0515 0168 PDRELI - ok
15:25:17.0531 0168 PDRFRAME - ok
15:25:17.0531 0168 perc2 - ok
15:25:17.0546 0168 perc2hib - ok
15:25:17.0656 0168 [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
15:25:17.0703 0168 PID_PEPI - ok
15:25:17.0781 0168 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
15:25:17.0828 0168 PlugPlay - ok
15:25:17.0875 0168 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
15:25:17.0890 0168 PnkBstrA - ok
15:25:17.0953 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:25:18.0078 0168 PolicyAgent - ok
15:25:18.0125 0168 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:25:18.0250 0168 PptpMiniport - ok
15:25:18.0265 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:25:18.0375 0168 ProtectedStorage - ok
15:25:18.0421 0168 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:25:18.0593 0168 PSched - ok
15:25:18.0609 0168 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:25:18.0750 0168 Ptilink - ok
15:25:18.0765 0168 ql1080 - ok
15:25:18.0765 0168 Ql10wnt - ok
15:25:18.0781 0168 ql12160 - ok
15:25:18.0796 0168 ql1240 - ok
15:25:18.0796 0168 ql1280 - ok
15:25:18.0859 0168 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:25:19.0000 0168 RasAcd - ok
15:25:19.0062 0168 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:25:19.0171 0168 RasAuto - ok
15:25:19.0203 0168 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:25:19.0328 0168 Rasl2tp - ok
15:25:19.0390 0168 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:25:19.0515 0168 RasMan - ok
15:25:19.0531 0168 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:25:19.0671 0168 RasPppoe - ok
15:25:19.0687 0168 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:25:19.0812 0168 Raspti - ok
15:25:19.0843 0168 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:25:19.0953 0168 Rdbss - ok
15:25:19.0968 0168 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:25:20.0125 0168 RDPCDD - ok
15:25:20.0156 0168 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:25:20.0281 0168 rdpdr - ok
15:25:20.0312 0168 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:25:20.0375 0168 RDPWD - ok
15:25:20.0406 0168 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:25:20.0531 0168 RDSessMgr - ok
15:25:20.0578 0168 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:25:20.0687 0168 redbook - ok
15:25:20.0781 0168 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:25:20.0921 0168 RemoteAccess - ok
15:25:20.0953 0168 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:25:21.0062 0168 RemoteRegistry - ok
15:25:21.0125 0168 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:25:21.0250 0168 RpcLocator - ok
15:25:21.0296 0168 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:25:21.0328 0168 RpcSs - ok
15:25:21.0390 0168 [ A3B23FB3F295694091F51865F98588B2 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
15:25:21.0390 0168 rspndr ( UnsignedFile.Multi.Generic ) - warning
15:25:21.0390 0168 rspndr - detected UnsignedFile.Multi.Generic (1)
15:25:21.0453 0168 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:25:21.0578 0168 RSVP - ok
15:25:21.0609 0168 [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
15:25:21.0656 0168 RTSTOR - ok
15:25:21.0718 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
15:25:21.0828 0168 SamSs - ok
15:25:21.0906 0168 [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
15:25:21.0921 0168 Samsung UPD Service - ok
15:25:21.0984 0168 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
15:25:22.0000 0168 SASDIFSV - ok
15:25:22.0015 0168 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
15:25:22.0031 0168 SASKUTIL - ok
15:25:22.0078 0168 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:25:22.0203 0168 SCardSvr - ok
15:25:22.0265 0168 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:25:22.0375 0168 Schedule - ok
15:25:22.0406 0168 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
15:25:22.0421 0168 SE27bus ( UnsignedFile.Multi.Generic ) - warning
15:25:22.0421 0168 SE27bus - detected UnsignedFile.Multi.Generic (1)
15:25:22.0453 0168 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:25:22.0578 0168 Secdrv - ok
15:25:22.0625 0168 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
15:25:22.0750 0168 seclogon - ok
15:25:22.0812 0168 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
15:25:22.0937 0168 SENS - ok
15:25:22.0968 0168 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
15:25:23.0109 0168 Serial - ok
15:25:23.0140 0168 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:25:23.0250 0168 Sfloppy - ok
15:25:23.0312 0168 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:25:23.0453 0168 SharedAccess - ok
15:25:23.0484 0168 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:25:23.0531 0168 ShellHWDetection - ok
15:25:23.0546 0168 Simbad - ok
15:25:23.0781 0168 [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:25:23.0890 0168 Skype C2C Service - ok
15:25:24.0078 0168 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
15:25:24.0093 0168 SkypeUpdate - ok
15:25:24.0156 0168 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:25:24.0281 0168 SLIP - ok
15:25:24.0359 0168 [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
15:25:24.0421 0168 smserial - ok
15:25:24.0437 0168 Sparrow - ok
15:25:24.0500 0168 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
15:25:24.0515 0168 speedfan - ok
15:25:24.0562 0168 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:25:24.0687 0168 splitter - ok
15:25:24.0750 0168 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:25:24.0781 0168 Spooler - ok
15:25:24.0843 0168 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
15:25:24.0890 0168 sptd - ok
15:25:24.0906 0168 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:25:25.0015 0168 sr - ok
15:25:25.0109 0168 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
15:25:25.0234 0168 srservice - ok
15:25:25.0265 0168 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:25:25.0328 0168 Srv - ok
15:25:25.0390 0168 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:25:25.0500 0168 SSDPSRV - ok
15:25:25.0546 0168 [ 5EC550B8952882EE856B862CF648522D ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:25:25.0562 0168 ssmdrv - ok
15:25:25.0609 0168 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:25:25.0750 0168 stisvc - ok
15:25:25.0781 0168 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:25:25.0906 0168 streamip - ok
15:25:25.0921 0168 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:25:26.0046 0168 swenum - ok
15:25:26.0078 0168 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:25:26.0187 0168 swmidi - ok
15:25:26.0250 0168 SwPrv - ok
15:25:26.0265 0168 symc810 - ok
15:25:26.0281 0168 symc8xx - ok
15:25:26.0328 0168 [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent C:\Programme\Symantec\SYMEVENT.SYS
15:25:26.0343 0168 SymEvent - ok
15:25:26.0359 0168 sym_hi - ok
15:25:26.0359 0168 sym_u3 - ok
15:25:26.0390 0168 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:25:26.0453 0168 SynTP - ok
15:25:26.0484 0168 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:25:26.0609 0168 sysaudio - ok
15:25:26.0687 0168 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:25:26.0796 0168 SysmonLog - ok
15:25:26.0859 0168 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:25:26.0984 0168 TapiSrv - ok
15:25:27.0031 0168 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:27.0078 0168 Tcpip - ok
15:25:27.0140 0168 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:25:27.0234 0168 TDPIPE - ok
15:25:27.0250 0168 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:25:27.0375 0168 TDTCP - ok
15:25:27.0406 0168 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:25:27.0515 0168 TermDD - ok
15:25:27.0578 0168 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
15:25:27.0703 0168 TermService - ok
15:25:27.0765 0168 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:25:27.0781 0168 Themes - ok
15:25:27.0843 0168 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:25:27.0984 0168 TlntSvr - ok
15:25:27.0984 0168 TosIde - ok
15:25:28.0062 0168 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:25:28.0187 0168 TrkWks - ok
15:25:28.0218 0168 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:25:28.0328 0168 Udfs - ok
15:25:28.0421 0168 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
15:25:28.0437 0168 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
15:25:28.0437 0168 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
15:25:28.0453 0168 ultra - ok
15:25:28.0484 0168 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:25:28.0625 0168 Update - ok
15:25:28.0687 0168 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:25:28.0812 0168 upnphost - ok
15:25:28.0859 0168 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
15:25:28.0984 0168 UPS - ok
15:25:29.0015 0168 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
15:25:29.0078 0168 USBAAPL - ok
15:25:29.0109 0168 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:25:29.0218 0168 usbaudio - ok
15:25:29.0234 0168 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:25:29.0359 0168 usbccgp - ok
15:25:29.0375 0168 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:29.0484 0168 usbehci - ok
15:25:29.0515 0168 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:29.0640 0168 usbhub - ok
15:25:29.0671 0168 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:25:29.0796 0168 usbohci - ok
15:25:29.0828 0168 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:25:29.0953 0168 usbprint - ok
15:25:29.0984 0168 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:25:30.0109 0168 usbscan - ok
15:25:30.0125 0168 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:30.0250 0168 usbstor - ok
15:25:30.0281 0168 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:25:30.0406 0168 VgaSave - ok
15:25:30.0406 0168 ViaIde - ok
15:25:30.0453 0168 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:25:30.0562 0168 VolSnap - ok
15:25:30.0671 0168 [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
15:25:30.0703 0168 vpnagent - ok
15:25:30.0718 0168 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
15:25:30.0734 0168 vpnva - ok
15:25:30.0828 0168 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
15:25:30.0953 0168 VSS - ok
15:25:31.0015 0168 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
15:25:31.0140 0168 W32Time - ok
15:25:31.0171 0168 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:31.0296 0168 Wanarp - ok
15:25:31.0296 0168 WDICA - ok
15:25:31.0343 0168 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:31.0468 0168 wdmaud - ok
15:25:31.0515 0168 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:25:31.0656 0168 WebClient - ok
15:25:31.0718 0168 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:25:31.0828 0168 winmgmt - ok
15:25:31.0890 0168 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:25:31.0921 0168 WmdmPmSN - ok
15:25:32.0000 0168 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:25:32.0078 0168 Wmi - ok
15:25:32.0125 0168 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:25:32.0250 0168 WmiApSrv - ok
15:25:32.0359 0168 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
15:25:32.0406 0168 WMPNetworkSvc - ok
15:25:32.0453 0168 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:25:32.0593 0168 WS2IFSL - ok
15:25:32.0671 0168 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:25:32.0796 0168 wscsvc - ok
15:25:32.0828 0168 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:25:32.0953 0168 WSTCODEC - ok
15:25:33.0031 0168 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:25:33.0140 0168 wuauserv - ok
15:25:33.0187 0168 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:25:33.0203 0168 WudfPf - ok
15:25:33.0218 0168 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:25:33.0250 0168 WudfRd - ok
15:25:33.0328 0168 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:25:33.0359 0168 WudfSvc - ok
15:25:33.0421 0168 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:25:33.0562 0168 WZCSVC - ok
15:25:33.0625 0168 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:25:33.0734 0168 xmlprov - ok
15:25:33.0750 0168 ================ Scan global ===============================
15:25:33.0890 0168 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
15:25:34.0000 0168 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:25:34.0078 0168 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:25:34.0140 0168 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
15:25:34.0140 0168 [Global] - ok
15:25:34.0140 0168 ================ Scan MBR ==================================
15:25:34.0171 0168 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:25:34.0343 0168 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:25:34.0359 0168 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:25:34.0359 0168 ================ Scan VBR ==================================
15:25:34.0359 0168 [ 187BFD3000C2B45FA5E76283303E12FE ] \Device\Harddisk0\DR0\Partition1
15:25:34.0359 0168 \Device\Harddisk0\DR0\Partition1 - ok
15:25:34.0375 0168 [ 821A80601B683DBD00ADE3FD5ED5F8A5 ] \Device\Harddisk0\DR0\Partition2
15:25:34.0375 0168 \Device\Harddisk0\DR0\Partition2 - ok
15:25:34.0375 0168 ============================================================
15:25:34.0375 0168 Scan finished
15:25:34.0375 0168 ============================================================
15:25:34.0515 3632 Detected object count: 11
15:25:34.0515 3632 Actual detected object count: 11
15:25:59.0671 3632 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0671 3632 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0703 3632 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0703 3632 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0703 3632 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:25:59.0703 3632 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
17.11.2012, 21:20
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Du hast einen TDL drauf! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2012, 22:38
| #6 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Ich habe alles wie befolgt gemacht. ComboFix hatte alle Stufen durch und hat 3 Dateien gelöscht im Ordner C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP (ich bin mir nicht ganz sicher, dass es auf jeden Fall auch der Ordner war). Die Dateien waren zwei .tmp und eine .exe Dateien mit Buchstaben und Zahlen im Namen. Dann kam der Schritt "Lösche Ordner C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP" Und es hat sich für 'ne knappe halbe Stunde nichts mehr getan, der PC hat auch nicht mehr gearbeitet. Da hab ich das Programm abgebrochen, da mir das seltsam lange vorkam. Ich hoffe das war kein Fehler. In C:\ ist leider keine Logdatei. Daraufhin habe ich ComoFix nochmal ausgeführt, aber wieder hat Combo Fix bei dem Schritt aufgehört, etwas zu machen (quasi Leerlauf, weil er den Ordner nicht löschen kann?) Beim zweiten mal konnte ich den Inhalt aus dem Anzeigefeld in eine Textdatei kopieren: Code:
ATTFilter Suche nach infizierten Dateien....
Dies dauert normalerweise nicht l„nger als 10 Minuten.
Die Scanzeit fr stark infizierte Rechner kann sich leicht verdoppeln.
Fertiggestellt Stufe_1
Fertiggestellt Stufe_2
Fertiggestellt Stufe_3
Fertiggestellt Stufe_4
Fertiggestellt Stufe_5
Fertiggestellt Stufe_6
Fertiggestellt Stufe_6A
Fertiggestellt Stufe_7
Fertiggestellt Stufe_8
Fertiggestellt Stufe_9
Fertiggestellt Stufe_10
Fertiggestellt Stufe_11
Fertiggestellt Stufe_12
Fertiggestellt Stufe_13
Fertiggestellt Stufe_14
Fertiggestellt Stufe_15
Fertiggestellt Stufe_16
Fertiggestellt Stufe_17
Fertiggestellt Stufe_18
Fertiggestellt Stufe_19
Fertiggestellt Stufe_19B
Fertiggestellt Stufe_20
Fertiggestellt Stufe_21
Fertiggestellt Stufe_22
Fertiggestellt Stufe_23
Fertiggestellt Stufe_24
Fertiggestellt Stufe_25
Fertiggestellt Stufe_26
Fertiggestellt Stufe_27
Fertiggestellt Stufe_28
Fertiggestellt Stufe_29
Fertiggestellt Stufe_30
Fertiggestellt Stufe_31
Fertiggestellt Stufe_32
Fertiggestellt Stufe_32A
Fertiggestellt Stufe_33
Fertiggestellt Stufe_34
Fertiggestellt Stufe_35
Fertiggestellt Stufe_36
Fertiggestellt Stufe_37
Fertiggestellt Stufe_38
Fertiggestellt Stufe_39
Fertiggestellt Stufe_40
Fertiggestellt Stufe_41
Fertiggestellt Stufe_42
Fertiggestellt Stufe_43
Fertiggestellt Stufe_44
Fertiggestellt Stufe_45
Fertiggestellt Stufe_46
Fertiggestellt Stufe_47
Fertiggestellt Stufe_48
Fertiggestellt Stufe_49
Fertiggestellt Stufe_50
L”sche Ordner
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
Oder muss ich das mehrere Stunden laufen lassen? Danke für deine Zeit! //edit: wenn ich über den arbeitsplatz in den TEMP ordner gehe, ist er leer (versteckte dateien anzeigen habe ich angeschaltet) Geändert von pinadgo (17.11.2012 um 22:52 Uhr) |
|
17.11.2012, 23:20
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2012, 23:22
| #8 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Ich hatte bevor ich deine Antwort gelesen hab, den TEMP Ordner Manuell gelöscht. Nach einem Neustart und neuem Scan habe ich jetzt hier den Log: Code:
ATTFilter ComboFix 12-11-16.02 - jens 17.11.2012 23:11:27.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1919.1272 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\jens\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-17 bis 2012-11-17 ))))))))))))))))))))))))))))))
.
.
2012-10-30 16:10 . 2012-10-30 16:10 -------- d-----w- c:\programme\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 08:36 . 2012-04-01 21:43 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 08:36 . 2011-05-16 20:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-06-01 13:24 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-05-05 23:26 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-05-05 23:26 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2010-05-05 23:26 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-05-05 23:26 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2010-05-05 23:26 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2010-05-05 23:26 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-05-05 23:26 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-06-29 14:16 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:51 . 2010-05-05 23:25 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-22 19:56 . 2004-09-07 15:08 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-09-07 15:08 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 18:54 . 2010-01-11 09:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 16:05 . 2004-09-07 15:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 16:05 . 2004-09-07 15:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 16:05 . 2004-09-07 15:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 13:07 . 2004-09-07 15:07 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 14:53 . 2004-09-07 15:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 07:26 . 2004-08-03 23:50 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 07:26 . 2004-08-03 23:50 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:01 . 2011-01-01 17:49 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2011-01-01 17:49 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-27 18:06 . 2012-10-27 18:05 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATKMEDIA"="c:\programme\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Power_Gear"="c:\programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Jens_2\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2006-05-30 09:28 811008 ----a-w- c:\programme\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 20:32 59280 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2006-02-21 14:20 180224 ----a-w- c:\programme\ASUS\ASUS Live Update\ALU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2012-06-07 16:35 522744 ----a-w- c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-09-18 15:16 171464 ----a-w- c:\programme\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 ----a-w- c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-04-13 10:54 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2006-06-29 13:40 774144 ----a-w- c:\programme\ASUS\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01 32768 ----a-w- c:\programme\ASUSTek\ASUSDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-10-30 05:49 16269312 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 05:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\Programme\\BlobbyVolley\\volley.exe"=
"c:\\Programme\\Counter-Strike\\cstrike.exe"=
"c:\\Programme\\Starcraft\\StarCraft.exe"=
"c:\\Programme\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\System32\\SUPDSvc.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Steam\\steamapps\\jenseman@giga4u.de\\counter-strike\\hl.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01.06.2011 14:24 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06.05.2010 00:26 361032]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06.05.2010 00:26 21256]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [07.06.2012 17:34 478712]
S1 MpKsl9753d9dd;MpKsl9753d9dd;\??\c:\windows\system32\MpEngineStore\MpKsl9753d9dd.sys --> c:\windows\system32\MpEngineStore\MpKsl9753d9dd.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.06.2012 17:32 3048136]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [07.06.2012 19:12 160944]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [06.04.2012 14:15 38440]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [11.10.2012 17:08 57256]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [21.08.2007 19:52 34944]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22.11.2008 15:11 47360]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [06.10.2011 11:43 131888]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.09.2007 20:54 685816]
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2010-09-25 01:48]
.
2012-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-11-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 22:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: !HIDDEN! 2009-10-05 14:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
MSConfigStartUp-AdVantage - c:\programme\AdVantage\AdVantage.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\programme\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-setup2ksetup2k10 - c:\programme\installshield installation information\{83f73cb1-7705-49d1-9852-84d839ca2a45}\setupsetup2k10.01.238.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-17 23:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-11-17 23:20:37
ComboFix-quarantined-files.txt 2012-11-17 22:20
.
Vor Suchlauf: 13 Verzeichnis(se), 28.742.189.056 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 28.815.163.392 Bytes frei
.
- - End Of File - - D2883278A49F407E677FB5339C423E49
edit2: Avast muss jetzt jedes mal manuell gestartet werden, startet nicht im autostart mit. Sonst gibt es aber keine Probleme im System (außer, dass da anscheinend ein "TDL" im Hintergrund läuft?) |
|
19.11.2012, 17:15
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Mach bitte neue Logs mit aswMBR und TDSS-Killer
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2012, 17:33
| #10 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Sehr gerne! aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 17:24:29
-----------------------------
17:24:29.031 OS Version: Windows 5.1.2600 Service Pack 3
17:24:29.031 Number of processors: 2 586 0xE0C
17:24:29.031 ComputerName: DACHS UserName: jens
17:24:29.625 Initialize success
17:24:32.453 AVAST engine defs: 12111900
17:24:48.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:24:48.140 Disk 0 Vendor: ST9120822AS 3.ALC Size: 114473MB BusType: 3
17:24:48.156 Disk 0 MBR read successfully
17:24:48.156 Disk 0 MBR scan
17:24:48.171 Disk 0 Windows XP default MBR code
17:24:48.187 Disk 0 Partition 1 00 1B Hidd FAT32 MSWIN4.1 1906 MB offset 63
17:24:48.203 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 68676 MB offset 3903795
17:24:48.203 Disk 0 Partition - 00 0F Extended LBA 43888 MB offset 144552870
17:24:48.218 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 43888 MB offset 144552933
17:24:48.218 Disk 0 scanning sectors +234436545
17:24:48.265 Disk 0 scanning C:\WINDOWS\system32\drivers
17:24:54.406 Service scanning
17:25:04.484 Modules scanning
17:25:08.125 Disk 0 trace - called modules:
17:25:08.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:25:08.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a896ab8]
17:25:08.156 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a914250]
17:25:08.156 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a911d98]
17:25:08.531 AVAST engine scan C:\WINDOWS
17:25:19.593 AVAST engine scan C:\WINDOWS\system32
17:27:38.890 AVAST engine scan C:\WINDOWS\system32\drivers
17:27:49.046 AVAST engine scan C:\Dokumente und Einstellungen\jens
17:29:32.781 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:29:57.968 Scan finished successfully
17:30:04.671 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\MBR.dat"
17:30:04.671 The log file has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\aswMBR.txt"
Code:
ATTFilter 17:30:14.0156 4064 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:30:14.0390 4064 ============================================================
17:30:14.0390 4064 Current date / time: 2012/11/19 17:30:14.0390
17:30:14.0390 4064 SystemInfo:
17:30:14.0390 4064
17:30:14.0390 4064 OS Version: 5.1.2600 ServicePack: 3.0
17:30:14.0390 4064 Product type: Workstation
17:30:14.0390 4064 ComputerName: DACHS
17:30:14.0390 4064 UserName: jens
17:30:14.0390 4064 Windows directory: C:\WINDOWS
17:30:14.0390 4064 System windows directory: C:\WINDOWS
17:30:14.0390 4064 Processor architecture: Intel x86
17:30:14.0390 4064 Number of processors: 2
17:30:14.0390 4064 Page size: 0x1000
17:30:14.0390 4064 Boot type: Normal boot
17:30:14.0390 4064 ============================================================
17:30:15.0265 4064 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:30:15.0312 4064 ============================================================
17:30:15.0312 4064 \Device\Harddisk0\DR0:
17:30:15.0312 4064 MBR partitions:
17:30:15.0312 4064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
17:30:15.0328 4064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
17:30:15.0328 4064 ============================================================
17:30:15.0343 4064 C: <-> \Device\Harddisk0\DR0\Partition1
17:30:15.0359 4064 D: <-> \Device\Harddisk0\DR0\Partition2
17:30:15.0359 4064 ============================================================
17:30:15.0359 4064 Initialize success
17:30:15.0359 4064 ============================================================
17:30:40.0015 3824 ============================================================
17:30:40.0015 3824 Scan started
17:30:40.0015 3824 Mode: Manual; SigCheck; TDLFS;
17:30:40.0015 3824 ============================================================
17:30:40.0375 3824 ================ Scan system memory ========================
17:30:40.0375 3824 System memory - ok
17:30:40.0375 3824 ================ Scan services =============================
17:30:40.0468 3824 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Programme\SUPERAntiSpyware\SASCORE.EXE
17:30:40.0609 3824 !SASCORE - ok
17:30:40.0687 3824 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:30:40.0796 3824 Aavmker4 - ok
17:30:40.0796 3824 Abiosdsk - ok
17:30:40.0812 3824 abp480n5 - ok
17:30:40.0843 3824 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:30:41.0062 3824 ACPI - ok
17:30:41.0078 3824 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:30:41.0203 3824 ACPIEC - ok
17:30:41.0250 3824 [ E850B0A94E8703CCBC980B31594DC408 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
17:30:41.0265 3824 acsint - ok
17:30:41.0281 3824 [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
17:30:41.0296 3824 acsmux - ok
17:30:41.0343 3824 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:30:41.0375 3824 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:30:41.0375 3824 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:30:41.0390 3824 adpu160m - ok
17:30:41.0421 3824 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:30:41.0578 3824 aec - ok
17:30:41.0625 3824 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:30:41.0640 3824 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:30:41.0640 3824 AegisP - detected UnsignedFile.Multi.Generic (1)
17:30:41.0671 3824 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:30:41.0718 3824 AFD - ok
17:30:41.0734 3824 Aha154x - ok
17:30:41.0734 3824 aic78u2 - ok
17:30:41.0750 3824 aic78xx - ok
17:30:41.0796 3824 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:30:41.0921 3824 Alerter - ok
17:30:41.0968 3824 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:30:42.0078 3824 ALG - ok
17:30:42.0078 3824 AliIde - ok
17:30:42.0093 3824 amsint - ok
17:30:42.0171 3824 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:42.0187 3824 Apple Mobile Device - ok
17:30:42.0265 3824 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:30:42.0406 3824 AppMgmt - ok
17:30:42.0421 3824 asc - ok
17:30:42.0437 3824 asc3350p - ok
17:30:42.0437 3824 asc3550 - ok
17:30:42.0500 3824 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\ATK0100\ASNDIS5.SYS
17:30:42.0515 3824 ASNDIS5 - ok
17:30:42.0593 3824 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:30:42.0609 3824 aspnet_state - ok
17:30:42.0625 3824 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:30:42.0640 3824 aswFsBlk - ok
17:30:42.0671 3824 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:30:42.0687 3824 aswMon2 - ok
17:30:42.0718 3824 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
17:30:42.0734 3824 aswRdr - ok
17:30:42.0781 3824 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:30:42.0812 3824 aswSnx - ok
17:30:42.0843 3824 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:30:42.0859 3824 aswSP - ok
17:30:42.0875 3824 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:30:42.0890 3824 aswTdi - ok
17:30:42.0953 3824 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:30:43.0093 3824 AsyncMac - ok
17:30:43.0125 3824 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:30:43.0234 3824 atapi - ok
17:30:43.0281 3824 [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002 C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
17:30:43.0312 3824 AtcL002 - ok
17:30:43.0312 3824 Atdisk - ok
17:30:43.0437 3824 [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:30:43.0546 3824 Ati HotKey Poller - ok
17:30:43.0640 3824 [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:30:43.0781 3824 ati2mtag - ok
17:30:43.0890 3824 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:30:43.0921 3824 atksgt - ok
17:30:43.0953 3824 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:30:44.0078 3824 Atmarpc - ok
17:30:44.0187 3824 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:30:44.0312 3824 AudioSrv - ok
17:30:44.0359 3824 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:30:44.0468 3824 audstub - ok
17:30:44.0578 3824 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
17:30:44.0593 3824 avast! Antivirus - ok
17:30:44.0640 3824 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:30:44.0718 3824 BCM43XX - ok
17:30:44.0734 3824 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:30:44.0875 3824 Beep - ok
17:30:44.0937 3824 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:30:45.0078 3824 BITS - ok
17:30:45.0156 3824 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:30:45.0218 3824 Bonjour Service - ok
17:30:45.0265 3824 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:30:45.0312 3824 Browser - ok
17:30:45.0406 3824 catchme - ok
17:30:45.0421 3824 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:30:45.0546 3824 cbidf2k - ok
17:30:45.0578 3824 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:30:45.0687 3824 CCDECODE - ok
17:30:45.0703 3824 cd20xrnt - ok
17:30:45.0734 3824 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:30:45.0875 3824 Cdaudio - ok
17:30:45.0890 3824 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:30:46.0000 3824 Cdfs - ok
17:30:46.0031 3824 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:30:46.0140 3824 Cdrom - ok
17:30:46.0156 3824 Changer - ok
17:30:46.0234 3824 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:30:46.0375 3824 CiSvc - ok
17:30:46.0421 3824 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:30:46.0546 3824 ClipSrv - ok
17:30:46.0609 3824 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:46.0625 3824 clr_optimization_v2.0.50727_32 - ok
17:30:46.0656 3824 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:30:46.0796 3824 CmBatt - ok
17:30:46.0796 3824 CmdIde - ok
17:30:46.0812 3824 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:30:46.0937 3824 Compbatt - ok
17:30:46.0984 3824 COMSysApp - ok
17:30:47.0000 3824 Cpqarray - ok
17:30:47.0109 3824 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:30:47.0250 3824 CryptSvc - ok
17:30:47.0265 3824 dac2w2k - ok
17:30:47.0281 3824 dac960nt - ok
17:30:47.0328 3824 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:30:47.0390 3824 DcomLaunch - ok
17:30:47.0437 3824 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:30:47.0546 3824 Dhcp - ok
17:30:47.0578 3824 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:47.0703 3824 Disk - ok
17:30:47.0750 3824 dmadmin - ok
17:30:47.0812 3824 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:30:47.0968 3824 dmboot - ok
17:30:48.0000 3824 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:30:48.0125 3824 dmio - ok
17:30:48.0125 3824 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:30:48.0250 3824 dmload - ok
17:30:48.0296 3824 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:30:48.0421 3824 dmserver - ok
17:30:48.0453 3824 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:30:48.0578 3824 DMusic - ok
17:30:48.0640 3824 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:30:48.0671 3824 Dnscache - ok
17:30:48.0750 3824 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:30:48.0890 3824 Dot3svc - ok
17:30:48.0906 3824 dpti2o - ok
17:30:48.0921 3824 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:30:49.0031 3824 drmkaud - ok
17:30:49.0078 3824 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:30:49.0218 3824 EapHost - ok
17:30:49.0281 3824 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:30:49.0421 3824 ERSvc - ok
17:30:49.0468 3824 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:30:49.0515 3824 Eventlog - ok
17:30:49.0562 3824 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
17:30:49.0625 3824 EventSystem - ok
17:30:49.0640 3824 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:30:49.0765 3824 Fastfat - ok
17:30:49.0796 3824 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:30:49.0828 3824 FastUserSwitchingCompatibility - ok
17:30:49.0875 3824 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:30:49.0984 3824 Fdc - ok
17:30:50.0000 3824 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:30:50.0125 3824 Fips - ok
17:30:50.0156 3824 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:30:50.0281 3824 Flpydisk - ok
17:30:50.0312 3824 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:30:50.0437 3824 FltMgr - ok
17:30:50.0546 3824 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:30:50.0562 3824 FontCache3.0.0.0 - ok
17:30:50.0609 3824 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:30:50.0750 3824 Fs_Rec - ok
17:30:50.0765 3824 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:30:50.0906 3824 Ftdisk - ok
17:30:50.0937 3824 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:30:50.0953 3824 GEARAspiWDM - ok
17:30:51.0000 3824 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
17:30:51.0015 3824 giveio ( UnsignedFile.Multi.Generic ) - warning
17:30:51.0015 3824 giveio - detected UnsignedFile.Multi.Generic (1)
17:30:51.0046 3824 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:30:51.0171 3824 Gpc - ok
17:30:51.0203 3824 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:30:51.0343 3824 HDAudBus - ok
17:30:51.0390 3824 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:30:51.0500 3824 helpsvc - ok
17:30:51.0546 3824 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:30:51.0671 3824 HidServ - ok
17:30:51.0703 3824 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:30:51.0828 3824 HidUsb - ok
17:30:51.0890 3824 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:30:52.0015 3824 hkmsvc - ok
17:30:52.0031 3824 hpn - ok
17:30:52.0078 3824 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:30:52.0125 3824 HTTP - ok
17:30:52.0171 3824 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:30:52.0296 3824 HTTPFilter - ok
17:30:52.0312 3824 i2omgmt - ok
17:30:52.0328 3824 i2omp - ok
17:30:52.0359 3824 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:30:52.0484 3824 i8042prt - ok
17:30:52.0546 3824 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:30:52.0578 3824 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:30:52.0578 3824 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:30:52.0656 3824 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:30:52.0718 3824 idsvc - ok
17:30:52.0750 3824 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:30:52.0890 3824 Imapi - ok
17:30:52.0937 3824 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:30:53.0078 3824 ImapiService - ok
17:30:53.0093 3824 ini910u - ok
17:30:53.0296 3824 [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:30:53.0671 3824 IntcAzAudAddService - ok
17:30:53.0718 3824 IntelIde - ok
17:30:53.0750 3824 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:30:53.0859 3824 intelppm - ok
17:30:53.0890 3824 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:30:54.0000 3824 Ip6Fw - ok
17:30:54.0031 3824 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:30:54.0156 3824 IpFilterDriver - ok
17:30:54.0187 3824 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:30:54.0312 3824 IpInIp - ok
17:30:54.0359 3824 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:30:54.0484 3824 IpNat - ok
17:30:54.0609 3824 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
17:30:54.0671 3824 iPod Service - ok
17:30:54.0718 3824 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:30:54.0843 3824 IPSec - ok
17:30:54.0875 3824 [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio C:\WINDOWS\system32\DRIVERS\ipswuio.sys
17:30:54.0890 3824 ipswuio ( UnsignedFile.Multi.Generic ) - warning
17:30:54.0890 3824 ipswuio - detected UnsignedFile.Multi.Generic (1)
17:30:54.0921 3824 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:30:55.0046 3824 IRENUM - ok
17:30:55.0078 3824 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:30:55.0203 3824 isapnp - ok
17:30:55.0296 3824 [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
17:30:55.0343 3824 JavaQuickStarterService - ok
17:30:55.0375 3824 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:30:55.0484 3824 Kbdclass - ok
17:30:55.0500 3824 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:30:55.0625 3824 kbdhid - ok
17:30:55.0671 3824 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:30:55.0796 3824 kmixer - ok
17:30:55.0828 3824 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:30:55.0859 3824 KSecDD - ok
17:30:55.0906 3824 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:30:55.0953 3824 lanmanserver - ok
17:30:56.0062 3824 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:30:56.0109 3824 lanmanworkstation - ok
17:30:56.0109 3824 lbrtfdc - ok
17:30:56.0187 3824 [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
17:30:56.0218 3824 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:30:56.0218 3824 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:30:56.0250 3824 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:30:56.0265 3824 lirsgt - ok
17:30:56.0328 3824 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:30:56.0453 3824 LmHosts - ok
17:30:56.0484 3824 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
17:30:56.0500 3824 LVUSBSta - ok
17:30:56.0546 3824 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:30:56.0671 3824 Messenger - ok
17:30:56.0687 3824 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:30:56.0828 3824 mnmdd - ok
17:30:56.0875 3824 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:30:57.0000 3824 mnmsrvc - ok
17:30:57.0031 3824 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:30:57.0156 3824 Modem - ok
17:30:57.0171 3824 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:30:57.0312 3824 MODEMCSA - ok
17:30:57.0343 3824 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:30:57.0468 3824 Mouclass - ok
17:30:57.0484 3824 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:30:57.0625 3824 mouhid - ok
17:30:57.0656 3824 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:30:57.0765 3824 MountMgr - ok
17:30:57.0828 3824 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:30:57.0859 3824 MozillaMaintenance - ok
17:30:57.0937 3824 MpKsl9753d9dd - ok
17:30:57.0953 3824 mraid35x - ok
17:30:57.0984 3824 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:30:58.0109 3824 MRxDAV - ok
17:30:58.0156 3824 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:30:58.0234 3824 MRxSmb - ok
17:30:58.0296 3824 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:30:58.0421 3824 MSDTC - ok
17:30:58.0437 3824 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:30:58.0562 3824 Msfs - ok
17:30:58.0609 3824 MSIServer - ok
17:30:58.0640 3824 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:30:58.0765 3824 MSKSSRV - ok
17:30:58.0796 3824 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:30:58.0906 3824 MSPCLOCK - ok
17:30:58.0921 3824 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:30:59.0046 3824 MSPQM - ok
17:30:59.0078 3824 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:30:59.0171 3824 mssmbios - ok
17:30:59.0187 3824 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:30:59.0312 3824 MSTEE - ok
17:30:59.0343 3824 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
17:30:59.0359 3824 MTsensor - ok
17:30:59.0406 3824 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:30:59.0437 3824 Mup - ok
17:30:59.0468 3824 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:30:59.0593 3824 NABTSFEC - ok
17:30:59.0671 3824 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:30:59.0812 3824 napagent - ok
17:30:59.0843 3824 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:30:59.0968 3824 NDIS - ok
17:30:59.0984 3824 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:31:00.0109 3824 NdisIP - ok
17:31:00.0156 3824 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:31:00.0187 3824 NdisTapi - ok
17:31:00.0234 3824 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:31:00.0343 3824 Ndisuio - ok
17:31:00.0359 3824 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:31:00.0500 3824 NdisWan - ok
17:31:00.0531 3824 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:31:00.0562 3824 NDProxy - ok
17:31:00.0593 3824 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:31:00.0718 3824 NetBIOS - ok
17:31:00.0750 3824 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\NETBT.SYS
17:31:00.0875 3824 NetBT - ok
17:31:00.0937 3824 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:31:01.0078 3824 NetDDE - ok
17:31:01.0078 3824 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:31:01.0187 3824 NetDDEdsdm - ok
17:31:01.0296 3824 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:31:01.0421 3824 Netlogon - ok
17:31:01.0500 3824 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:31:01.0640 3824 Netman - ok
17:31:01.0750 3824 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:31:01.0765 3824 NetTcpPortSharing - ok
17:31:01.0828 3824 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:31:01.0859 3824 Nla - ok
17:31:01.0890 3824 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:31:02.0015 3824 Npfs - ok
17:31:02.0093 3824 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:31:02.0250 3824 Ntfs - ok
17:31:02.0281 3824 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:31:02.0390 3824 NtLmSsp - ok
17:31:02.0546 3824 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:31:02.0703 3824 NtmsSvc - ok
17:31:02.0734 3824 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:31:02.0859 3824 Null - ok
17:31:02.0890 3824 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:31:03.0031 3824 NwlnkFlt - ok
17:31:03.0031 3824 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:31:03.0171 3824 NwlnkFwd - ok
17:31:03.0203 3824 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:31:03.0328 3824 Parport - ok
17:31:03.0343 3824 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:31:03.0468 3824 PartMgr - ok
17:31:03.0484 3824 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:31:03.0609 3824 ParVdm - ok
17:31:03.0625 3824 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:31:03.0734 3824 PCI - ok
17:31:03.0750 3824 PCIDump - ok
17:31:03.0765 3824 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:31:03.0890 3824 PCIIde - ok
17:31:03.0921 3824 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:31:04.0062 3824 Pcmcia - ok
17:31:04.0093 3824 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:31:04.0109 3824 pcouffin ( UnsignedFile.Multi.Generic ) - warning
17:31:04.0109 3824 pcouffin - detected UnsignedFile.Multi.Generic (1)
17:31:04.0109 3824 PDCOMP - ok
17:31:04.0125 3824 PDFRAME - ok
17:31:04.0140 3824 PDRELI - ok
17:31:04.0140 3824 PDRFRAME - ok
17:31:04.0156 3824 perc2 - ok
17:31:04.0156 3824 perc2hib - ok
17:31:04.0265 3824 [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
17:31:04.0343 3824 PID_PEPI - ok
17:31:04.0406 3824 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
17:31:04.0421 3824 PlugPlay - ok
17:31:04.0515 3824 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:31:04.0531 3824 PnkBstrA - ok
17:31:04.0593 3824 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:31:04.0703 3824 PolicyAgent - ok
17:31:04.0750 3824 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:31:04.0875 3824 PptpMiniport - ok
17:31:04.0906 3824 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:31:05.0015 3824 ProtectedStorage - ok
17:31:05.0062 3824 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:31:05.0218 3824 PSched - ok
17:31:05.0250 3824 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:31:05.0390 3824 Ptilink - ok
17:31:05.0390 3824 ql1080 - ok
17:31:05.0406 3824 Ql10wnt - ok
17:31:05.0421 3824 ql12160 - ok
17:31:05.0421 3824 ql1240 - ok
17:31:05.0437 3824 ql1280 - ok
17:31:05.0515 3824 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:31:05.0656 3824 RasAcd - ok
17:31:05.0718 3824 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:31:05.0828 3824 RasAuto - ok
17:31:05.0859 3824 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:31:05.0984 3824 Rasl2tp - ok
17:31:06.0062 3824 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:31:06.0203 3824 RasMan - ok
17:31:06.0218 3824 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:31:06.0343 3824 RasPppoe - ok
17:31:06.0375 3824 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:31:06.0500 3824 Raspti - ok
17:31:06.0531 3824 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:31:06.0640 3824 Rdbss - ok
17:31:06.0671 3824 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:31:06.0812 3824 RDPCDD - ok
17:31:06.0859 3824 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:31:06.0984 3824 rdpdr - ok
17:31:07.0046 3824 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:07.0093 3824 RDPWD - ok
17:31:07.0140 3824 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:31:07.0265 3824 RDSessMgr - ok
17:31:07.0281 3824 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:07.0406 3824 redbook - ok
17:31:07.0500 3824 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:31:07.0625 3824 RemoteAccess - ok
17:31:07.0671 3824 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:31:07.0781 3824 RemoteRegistry - ok
17:31:07.0859 3824 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:31:07.0984 3824 RpcLocator - ok
17:31:08.0031 3824 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:31:08.0046 3824 RpcSs - ok
17:31:08.0093 3824 [ A3B23FB3F295694091F51865F98588B2 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:31:08.0093 3824 rspndr ( UnsignedFile.Multi.Generic ) - warning
17:31:08.0093 3824 rspndr - detected UnsignedFile.Multi.Generic (1)
17:31:08.0156 3824 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:31:08.0296 3824 RSVP - ok
17:31:08.0328 3824 [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
17:31:08.0359 3824 RTSTOR - ok
17:31:08.0421 3824 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
17:31:08.0531 3824 SamSs - ok
17:31:08.0593 3824 [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
17:31:08.0625 3824 Samsung UPD Service - ok
17:31:08.0687 3824 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
17:31:08.0703 3824 SASDIFSV - ok
17:31:08.0718 3824 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
17:31:08.0734 3824 SASKUTIL - ok
17:31:08.0781 3824 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:31:08.0921 3824 SCardSvr - ok
17:31:08.0984 3824 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:31:09.0109 3824 Schedule - ok
17:31:09.0156 3824 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
17:31:09.0156 3824 SE27bus ( UnsignedFile.Multi.Generic ) - warning
17:31:09.0156 3824 SE27bus - detected UnsignedFile.Multi.Generic (1)
17:31:09.0203 3824 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:09.0312 3824 Secdrv - ok
17:31:09.0375 3824 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
17:31:09.0484 3824 seclogon - ok
17:31:09.0531 3824 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
17:31:09.0671 3824 SENS - ok
17:31:09.0703 3824 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:31:09.0843 3824 Serial - ok
17:31:09.0875 3824 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:31:09.0984 3824 Sfloppy - ok
17:31:10.0062 3824 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:31:10.0203 3824 SharedAccess - ok
17:31:10.0250 3824 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:31:10.0281 3824 ShellHWDetection - ok
17:31:10.0296 3824 Simbad - ok
17:31:10.0531 3824 [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:31:10.0734 3824 Skype C2C Service - ok
17:31:10.0921 3824 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
17:31:10.0937 3824 SkypeUpdate - ok
17:31:11.0000 3824 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:31:11.0109 3824 SLIP - ok
17:31:11.0187 3824 [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
17:31:11.0265 3824 smserial - ok
17:31:11.0281 3824 Sparrow - ok
17:31:11.0343 3824 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
17:31:11.0359 3824 speedfan - ok
17:31:11.0406 3824 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:31:11.0515 3824 splitter - ok
17:31:11.0562 3824 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:31:11.0593 3824 Spooler - ok
17:31:11.0656 3824 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
17:31:11.0703 3824 sptd - ok
17:31:11.0718 3824 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:31:11.0843 3824 sr - ok
17:31:11.0921 3824 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
17:31:12.0078 3824 srservice - ok
17:31:12.0109 3824 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:31:12.0171 3824 Srv - ok
17:31:12.0234 3824 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:31:12.0359 3824 SSDPSRV - ok
17:31:12.0390 3824 [ 5EC550B8952882EE856B862CF648522D ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:31:12.0406 3824 ssmdrv - ok
17:31:12.0453 3824 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:31:12.0609 3824 stisvc - ok
17:31:12.0640 3824 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:31:12.0765 3824 streamip - ok
17:31:12.0796 3824 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:31:12.0921 3824 swenum - ok
17:31:12.0953 3824 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:31:13.0062 3824 swmidi - ok
17:31:13.0125 3824 SwPrv - ok
17:31:13.0140 3824 symc810 - ok
17:31:13.0140 3824 symc8xx - ok
17:31:13.0203 3824 [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent C:\Programme\Symantec\SYMEVENT.SYS
17:31:13.0218 3824 SymEvent - ok
17:31:13.0234 3824 sym_hi - ok
17:31:13.0234 3824 sym_u3 - ok
17:31:13.0281 3824 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:31:13.0328 3824 SynTP - ok
17:31:13.0359 3824 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:13.0484 3824 sysaudio - ok
17:31:13.0546 3824 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:31:13.0687 3824 SysmonLog - ok
17:31:13.0734 3824 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:31:13.0875 3824 TapiSrv - ok
17:31:13.0921 3824 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:13.0984 3824 Tcpip - ok
17:31:14.0046 3824 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:14.0156 3824 TDPIPE - ok
17:31:14.0171 3824 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:14.0296 3824 TDTCP - ok
17:31:14.0328 3824 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:14.0437 3824 TermDD - ok
17:31:14.0484 3824 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
17:31:14.0640 3824 TermService - ok
17:31:14.0687 3824 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:31:14.0703 3824 Themes - ok
17:31:14.0781 3824 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:31:14.0921 3824 TlntSvr - ok
17:31:14.0921 3824 TosIde - ok
17:31:14.0984 3824 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:31:15.0140 3824 TrkWks - ok
17:31:15.0171 3824 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:31:15.0281 3824 Udfs - ok
17:31:15.0375 3824 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
17:31:15.0390 3824 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
17:31:15.0390 3824 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
17:31:15.0406 3824 ultra - ok
17:31:15.0437 3824 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:31:15.0593 3824 Update - ok
17:31:15.0656 3824 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:31:15.0796 3824 upnphost - ok
17:31:15.0843 3824 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
17:31:15.0968 3824 UPS - ok
17:31:16.0000 3824 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:31:16.0031 3824 USBAAPL - ok
17:31:16.0062 3824 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:31:16.0187 3824 usbaudio - ok
17:31:16.0203 3824 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:31:16.0328 3824 usbccgp - ok
17:31:16.0343 3824 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:16.0468 3824 usbehci - ok
17:31:16.0500 3824 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:16.0640 3824 usbhub - ok
17:31:16.0640 3824 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:31:16.0781 3824 usbohci - ok
17:31:16.0828 3824 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:31:16.0953 3824 usbprint - ok
17:31:16.0968 3824 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:31:17.0109 3824 usbscan - ok
17:31:17.0109 3824 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:17.0234 3824 usbstor - ok
17:31:17.0265 3824 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:31:17.0390 3824 VgaSave - ok
17:31:17.0406 3824 ViaIde - ok
17:31:17.0437 3824 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:17.0562 3824 VolSnap - ok
17:31:17.0656 3824 [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:31:17.0703 3824 vpnagent - ok
17:31:17.0734 3824 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
17:31:17.0750 3824 vpnva - ok
17:31:17.0828 3824 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
17:31:17.0968 3824 VSS - ok
17:31:18.0031 3824 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
17:31:18.0156 3824 W32Time - ok
17:31:18.0203 3824 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:18.0328 3824 Wanarp - ok
17:31:18.0328 3824 WDICA - ok
17:31:18.0375 3824 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:18.0515 3824 wdmaud - ok
17:31:18.0562 3824 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:31:18.0687 3824 WebClient - ok
17:31:18.0765 3824 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:18.0890 3824 winmgmt - ok
17:31:18.0953 3824 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:31:18.0968 3824 WmdmPmSN - ok
17:31:19.0046 3824 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:31:19.0109 3824 Wmi - ok
17:31:19.0171 3824 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:19.0296 3824 WmiApSrv - ok
17:31:19.0421 3824 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
17:31:19.0515 3824 WMPNetworkSvc - ok
17:31:19.0562 3824 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:19.0718 3824 WS2IFSL - ok
17:31:19.0843 3824 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:31:19.0968 3824 wscsvc - ok
17:31:20.0015 3824 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:31:20.0140 3824 WSTCODEC - ok
17:31:20.0218 3824 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:31:20.0343 3824 wuauserv - ok
17:31:20.0375 3824 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:31:20.0390 3824 WudfPf - ok
17:31:20.0406 3824 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:31:20.0437 3824 WudfRd - ok
17:31:20.0500 3824 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:31:20.0531 3824 WudfSvc - ok
17:31:20.0609 3824 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:31:20.0765 3824 WZCSVC - ok
17:31:20.0828 3824 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:31:20.0937 3824 xmlprov - ok
17:31:20.0953 3824 ================ Scan global ===============================
17:31:21.0093 3824 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:31:21.0203 3824 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:31:21.0296 3824 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:31:21.0359 3824 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:31:21.0359 3824 [Global] - ok
17:31:21.0359 3824 ================ Scan MBR ==================================
17:31:21.0390 3824 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:31:21.0546 3824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:31:21.0546 3824 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:31:21.0546 3824 ================ Scan VBR ==================================
17:31:21.0562 3824 [ 16AACC28D1253A82505A6D112ED33193 ] \Device\Harddisk0\DR0\Partition1
17:31:21.0562 3824 \Device\Harddisk0\DR0\Partition1 - ok
17:31:21.0578 3824 [ FE176BB4F15D15B35F394F0B48DA185C ] \Device\Harddisk0\DR0\Partition2
17:31:21.0578 3824 \Device\Harddisk0\DR0\Partition2 - ok
17:31:21.0578 3824 ============================================================
17:31:21.0578 3824 Scan finished
17:31:21.0578 3824 ============================================================
17:31:21.0718 3016 Detected object count: 11
17:31:21.0718 3016 Actual detected object count: 11
17:31:30.0296 3016 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0296 3016 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0296 3016 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0296 3016 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016 ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:30.0312 3016 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:31:30.0312 3016 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
19.11.2012, 19:04
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich?Code:
ATTFilter 17:31:30.0312 3016 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2012, 19:21
| #12 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Danke! Ich habe nach dem Löschen des Eintrages sowie nach dem Scan (nach Neustart) ein Log gemacht. Ich poste beide: Log nach Löschen Code:
ATTFilter 19:09:54.0468 1192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:09:54.0703 1192 ============================================================
19:09:54.0703 1192 Current date / time: 2012/11/19 19:09:54.0703
19:09:54.0703 1192 SystemInfo:
19:09:54.0703 1192
19:09:54.0703 1192 OS Version: 5.1.2600 ServicePack: 3.0
19:09:54.0703 1192 Product type: Workstation
19:09:54.0703 1192 ComputerName: DACHS
19:09:54.0703 1192 UserName: jens
19:09:54.0703 1192 Windows directory: C:\WINDOWS
19:09:54.0703 1192 System windows directory: C:\WINDOWS
19:09:54.0718 1192 Processor architecture: Intel x86
19:09:54.0718 1192 Number of processors: 2
19:09:54.0718 1192 Page size: 0x1000
19:09:54.0718 1192 Boot type: Normal boot
19:09:54.0718 1192 ============================================================
19:09:55.0468 1192 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:09:55.0515 1192 ============================================================
19:09:55.0515 1192 \Device\Harddisk0\DR0:
19:09:55.0515 1192 MBR partitions:
19:09:55.0515 1192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
19:09:55.0531 1192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
19:09:55.0531 1192 ============================================================
19:09:55.0546 1192 C: <-> \Device\Harddisk0\DR0\Partition1
19:09:55.0578 1192 D: <-> \Device\Harddisk0\DR0\Partition2
19:09:55.0578 1192 ============================================================
19:09:55.0578 1192 Initialize success
19:09:55.0578 1192 ============================================================
19:10:07.0546 3364 ============================================================
19:10:07.0546 3364 Scan started
19:10:07.0546 3364 Mode: Manual; SigCheck; TDLFS;
19:10:07.0546 3364 ============================================================
19:10:07.0937 3364 ================ Scan system memory ========================
19:10:07.0937 3364 System memory - ok
19:10:07.0937 3364 ================ Scan services =============================
19:10:08.0093 3364 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Programme\SUPERAntiSpyware\SASCORE.EXE
19:10:08.0234 3364 !SASCORE - ok
19:10:08.0296 3364 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:10:08.0343 3364 Aavmker4 - ok
19:10:08.0359 3364 Abiosdsk - ok
19:10:08.0359 3364 abp480n5 - ok
19:10:08.0406 3364 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:10:08.0640 3364 ACPI - ok
19:10:08.0656 3364 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:10:08.0796 3364 ACPIEC - ok
19:10:08.0843 3364 [ E850B0A94E8703CCBC980B31594DC408 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
19:10:08.0859 3364 acsint - ok
19:10:08.0890 3364 [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
19:10:08.0906 3364 acsmux - ok
19:10:08.0968 3364 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
19:10:08.0984 3364 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:10:08.0984 3364 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:10:08.0984 3364 adpu160m - ok
19:10:09.0031 3364 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:10:09.0156 3364 aec - ok
19:10:09.0203 3364 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:10:09.0234 3364 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:10:09.0234 3364 AegisP - detected UnsignedFile.Multi.Generic (1)
19:10:09.0250 3364 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:10:09.0296 3364 AFD - ok
19:10:09.0312 3364 Aha154x - ok
19:10:09.0312 3364 aic78u2 - ok
19:10:09.0328 3364 aic78xx - ok
19:10:09.0375 3364 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:10:09.0484 3364 Alerter - ok
19:10:09.0531 3364 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
19:10:09.0656 3364 ALG - ok
19:10:09.0656 3364 AliIde - ok
19:10:09.0671 3364 amsint - ok
19:10:09.0765 3364 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:10:09.0796 3364 Apple Mobile Device - ok
19:10:09.0859 3364 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:10:10.0015 3364 AppMgmt - ok
19:10:10.0031 3364 asc - ok
19:10:10.0031 3364 asc3350p - ok
19:10:10.0046 3364 asc3550 - ok
19:10:10.0109 3364 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\ATK0100\ASNDIS5.SYS
19:10:10.0125 3364 ASNDIS5 - ok
19:10:10.0187 3364 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:10:10.0203 3364 aspnet_state - ok
19:10:10.0218 3364 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:10:10.0234 3364 aswFsBlk - ok
19:10:10.0250 3364 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:10:10.0281 3364 aswMon2 - ok
19:10:10.0281 3364 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
19:10:10.0312 3364 aswRdr - ok
19:10:10.0343 3364 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:10:10.0390 3364 aswSnx - ok
19:10:10.0437 3364 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:10:10.0468 3364 aswSP - ok
19:10:10.0515 3364 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:10:10.0531 3364 aswTdi - ok
19:10:10.0562 3364 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:10:10.0687 3364 AsyncMac - ok
19:10:10.0718 3364 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10.0843 3364 atapi - ok
19:10:10.0875 3364 [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002 C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
19:10:10.0906 3364 AtcL002 - ok
19:10:10.0921 3364 Atdisk - ok
19:10:11.0046 3364 [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:10:11.0109 3364 Ati HotKey Poller - ok
19:10:11.0218 3364 [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:10:11.0312 3364 ati2mtag - ok
19:10:11.0437 3364 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:10:11.0468 3364 atksgt - ok
19:10:11.0515 3364 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:10:11.0625 3364 Atmarpc - ok
19:10:11.0734 3364 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:10:11.0890 3364 AudioSrv - ok
19:10:11.0921 3364 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:10:12.0031 3364 audstub - ok
19:10:12.0140 3364 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
19:10:12.0156 3364 avast! Antivirus - ok
19:10:12.0218 3364 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:10:12.0265 3364 BCM43XX - ok
19:10:12.0296 3364 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:10:12.0421 3364 Beep - ok
19:10:12.0484 3364 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
19:10:12.0609 3364 BITS - ok
19:10:12.0687 3364 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
19:10:12.0703 3364 Bonjour Service - ok
19:10:12.0765 3364 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
19:10:12.0812 3364 Browser - ok
19:10:12.0906 3364 catchme - ok
19:10:12.0937 3364 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:10:13.0062 3364 cbidf2k - ok
19:10:13.0093 3364 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:10:13.0203 3364 CCDECODE - ok
19:10:13.0203 3364 cd20xrnt - ok
19:10:13.0234 3364 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:10:13.0375 3364 Cdaudio - ok
19:10:13.0406 3364 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:10:13.0515 3364 Cdfs - ok
19:10:13.0531 3364 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:10:13.0640 3364 Cdrom - ok
19:10:13.0656 3364 Changer - ok
19:10:13.0812 3364 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:10:13.0953 3364 CiSvc - ok
19:10:14.0000 3364 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:10:14.0125 3364 ClipSrv - ok
19:10:14.0187 3364 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:10:14.0203 3364 clr_optimization_v2.0.50727_32 - ok
19:10:14.0234 3364 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:10:14.0359 3364 CmBatt - ok
19:10:14.0375 3364 CmdIde - ok
19:10:14.0390 3364 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:10:14.0515 3364 Compbatt - ok
19:10:14.0562 3364 COMSysApp - ok
19:10:14.0578 3364 Cpqarray - ok
19:10:14.0703 3364 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:10:14.0843 3364 CryptSvc - ok
19:10:14.0843 3364 dac2w2k - ok
19:10:14.0859 3364 dac960nt - ok
19:10:14.0906 3364 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:10:14.0937 3364 DcomLaunch - ok
19:10:15.0000 3364 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:10:15.0109 3364 Dhcp - ok
19:10:15.0140 3364 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:15.0265 3364 Disk - ok
19:10:15.0296 3364 dmadmin - ok
19:10:15.0437 3364 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:10:15.0562 3364 dmboot - ok
19:10:15.0578 3364 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:10:15.0703 3364 dmio - ok
19:10:15.0718 3364 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:10:15.0828 3364 dmload - ok
19:10:15.0875 3364 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:10:16.0000 3364 dmserver - ok
19:10:16.0031 3364 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:10:16.0171 3364 DMusic - ok
19:10:16.0218 3364 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:10:16.0250 3364 Dnscache - ok
19:10:16.0328 3364 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:10:16.0453 3364 Dot3svc - ok
19:10:16.0468 3364 dpti2o - ok
19:10:16.0484 3364 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:10:16.0593 3364 drmkaud - ok
19:10:16.0640 3364 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:10:16.0781 3364 EapHost - ok
19:10:16.0843 3364 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:10:16.0984 3364 ERSvc - ok
19:10:17.0046 3364 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
19:10:17.0078 3364 Eventlog - ok
19:10:17.0140 3364 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
19:10:17.0171 3364 EventSystem - ok
19:10:17.0187 3364 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:10:17.0296 3364 Fastfat - ok
19:10:17.0343 3364 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:10:17.0375 3364 FastUserSwitchingCompatibility - ok
19:10:17.0421 3364 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:10:17.0531 3364 Fdc - ok
19:10:17.0531 3364 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:10:17.0671 3364 Fips - ok
19:10:17.0671 3364 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:10:17.0796 3364 Flpydisk - ok
19:10:17.0828 3364 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:10:17.0953 3364 FltMgr - ok
19:10:18.0062 3364 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:10:18.0078 3364 FontCache3.0.0.0 - ok
19:10:18.0109 3364 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:10:18.0250 3364 Fs_Rec - ok
19:10:18.0265 3364 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:10:18.0406 3364 Ftdisk - ok
19:10:18.0437 3364 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:10:18.0453 3364 GEARAspiWDM - ok
19:10:18.0500 3364 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
19:10:18.0515 3364 giveio ( UnsignedFile.Multi.Generic ) - warning
19:10:18.0515 3364 giveio - detected UnsignedFile.Multi.Generic (1)
19:10:18.0531 3364 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:10:18.0671 3364 Gpc - ok
19:10:18.0703 3364 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:10:18.0828 3364 HDAudBus - ok
19:10:18.0875 3364 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:10:18.0984 3364 helpsvc - ok
19:10:19.0046 3364 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
19:10:19.0171 3364 HidServ - ok
19:10:19.0187 3364 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:10:19.0328 3364 HidUsb - ok
19:10:19.0406 3364 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:10:19.0515 3364 hkmsvc - ok
19:10:19.0531 3364 hpn - ok
19:10:19.0578 3364 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:10:19.0609 3364 HTTP - ok
19:10:19.0656 3364 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:10:19.0796 3364 HTTPFilter - ok
19:10:19.0796 3364 i2omgmt - ok
19:10:19.0812 3364 i2omp - ok
19:10:19.0828 3364 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:10:19.0953 3364 i8042prt - ok
19:10:20.0031 3364 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:10:20.0046 3364 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:10:20.0046 3364 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:10:20.0125 3364 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:10:20.0156 3364 idsvc - ok
19:10:20.0218 3364 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:10:20.0343 3364 Imapi - ok
19:10:20.0406 3364 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
19:10:20.0515 3364 ImapiService - ok
19:10:20.0531 3364 ini910u - ok
19:10:20.0734 3364 [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:10:20.0937 3364 IntcAzAudAddService - ok
19:10:20.0984 3364 IntelIde - ok
19:10:21.0031 3364 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:10:21.0140 3364 intelppm - ok
19:10:21.0187 3364 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:10:21.0296 3364 Ip6Fw - ok
19:10:21.0328 3364 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:10:21.0468 3364 IpFilterDriver - ok
19:10:21.0500 3364 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:10:21.0625 3364 IpInIp - ok
19:10:21.0656 3364 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:10:21.0781 3364 IpNat - ok
19:10:21.0906 3364 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
19:10:21.0937 3364 iPod Service - ok
19:10:21.0968 3364 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:10:22.0093 3364 IPSec - ok
19:10:22.0125 3364 [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio C:\WINDOWS\system32\DRIVERS\ipswuio.sys
19:10:22.0140 3364 ipswuio ( UnsignedFile.Multi.Generic ) - warning
19:10:22.0140 3364 ipswuio - detected UnsignedFile.Multi.Generic (1)
19:10:22.0171 3364 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:10:22.0296 3364 IRENUM - ok
19:10:22.0343 3364 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:10:22.0453 3364 isapnp - ok
19:10:22.0546 3364 [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
19:10:22.0562 3364 JavaQuickStarterService - ok
19:10:22.0593 3364 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:10:22.0718 3364 Kbdclass - ok
19:10:22.0750 3364 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:10:22.0875 3364 kbdhid - ok
19:10:22.0921 3364 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:10:23.0062 3364 kmixer - ok
19:10:23.0093 3364 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:10:23.0109 3364 KSecDD - ok
19:10:23.0171 3364 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:10:23.0203 3364 lanmanserver - ok
19:10:23.0312 3364 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:10:23.0359 3364 lanmanworkstation - ok
19:10:23.0359 3364 lbrtfdc - ok
19:10:23.0437 3364 [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:10:23.0453 3364 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:10:23.0453 3364 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:10:23.0484 3364 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:10:23.0500 3364 lirsgt - ok
19:10:23.0562 3364 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:10:23.0687 3364 LmHosts - ok
19:10:23.0718 3364 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
19:10:23.0734 3364 LVUSBSta - ok
19:10:23.0796 3364 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:10:23.0906 3364 Messenger - ok
19:10:23.0937 3364 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:10:24.0078 3364 mnmdd - ok
19:10:24.0125 3364 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:10:24.0250 3364 mnmsrvc - ok
19:10:24.0281 3364 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:10:24.0406 3364 Modem - ok
19:10:24.0421 3364 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:10:24.0546 3364 MODEMCSA - ok
19:10:24.0562 3364 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:10:24.0687 3364 Mouclass - ok
19:10:24.0734 3364 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:10:24.0875 3364 mouhid - ok
19:10:24.0906 3364 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:10:25.0015 3364 MountMgr - ok
19:10:25.0078 3364 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:10:25.0093 3364 MozillaMaintenance - ok
19:10:25.0171 3364 MpKsl9753d9dd - ok
19:10:25.0187 3364 mraid35x - ok
19:10:25.0218 3364 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:10:25.0343 3364 MRxDAV - ok
19:10:25.0406 3364 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:10:25.0453 3364 MRxSmb - ok
19:10:25.0500 3364 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:10:25.0640 3364 MSDTC - ok
19:10:25.0656 3364 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:10:25.0781 3364 Msfs - ok
19:10:25.0828 3364 MSIServer - ok
19:10:25.0921 3364 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:10:26.0046 3364 MSKSSRV - ok
19:10:26.0078 3364 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:10:26.0187 3364 MSPCLOCK - ok
19:10:26.0203 3364 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:10:26.0328 3364 MSPQM - ok
19:10:26.0359 3364 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:10:26.0453 3364 mssmbios - ok
19:10:26.0468 3364 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:10:26.0593 3364 MSTEE - ok
19:10:26.0625 3364 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
19:10:26.0640 3364 MTsensor - ok
19:10:26.0687 3364 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:10:26.0718 3364 Mup - ok
19:10:26.0750 3364 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:10:26.0875 3364 NABTSFEC - ok
19:10:26.0953 3364 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
19:10:27.0078 3364 napagent - ok
19:10:27.0109 3364 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:10:27.0234 3364 NDIS - ok
19:10:27.0265 3364 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:10:27.0390 3364 NdisIP - ok
19:10:27.0421 3364 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:10:27.0453 3364 NdisTapi - ok
19:10:27.0500 3364 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:10:27.0609 3364 Ndisuio - ok
19:10:27.0640 3364 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:10:27.0765 3364 NdisWan - ok
19:10:27.0781 3364 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:10:27.0828 3364 NDProxy - ok
19:10:27.0843 3364 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:10:27.0968 3364 NetBIOS - ok
19:10:28.0000 3364 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\NETBT.SYS
19:10:28.0125 3364 NetBT - ok
19:10:28.0187 3364 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
19:10:28.0296 3364 NetDDE - ok
19:10:28.0312 3364 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:10:28.0421 3364 NetDDEdsdm - ok
19:10:28.0531 3364 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:10:28.0656 3364 Netlogon - ok
19:10:28.0734 3364 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
19:10:28.0859 3364 Netman - ok
19:10:28.0968 3364 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:10:28.0984 3364 NetTcpPortSharing - ok
19:10:29.0046 3364 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
19:10:29.0093 3364 Nla - ok
19:10:29.0125 3364 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:10:29.0218 3364 Npfs - ok
19:10:29.0281 3364 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:10:29.0421 3364 Ntfs - ok
19:10:29.0453 3364 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:10:29.0562 3364 NtLmSsp - ok
19:10:29.0718 3364 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:10:29.0859 3364 NtmsSvc - ok
19:10:29.0906 3364 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:10:30.0015 3364 Null - ok
19:10:30.0062 3364 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:10:30.0187 3364 NwlnkFlt - ok
19:10:30.0203 3364 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:10:30.0343 3364 NwlnkFwd - ok
19:10:30.0375 3364 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:10:30.0500 3364 Parport - ok
19:10:30.0515 3364 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:10:30.0640 3364 PartMgr - ok
19:10:30.0656 3364 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:10:30.0781 3364 ParVdm - ok
19:10:30.0796 3364 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:10:30.0906 3364 PCI - ok
19:10:30.0906 3364 PCIDump - ok
19:10:30.0937 3364 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:10:31.0062 3364 PCIIde - ok
19:10:31.0093 3364 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:10:31.0203 3364 Pcmcia - ok
19:10:31.0250 3364 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
19:10:31.0250 3364 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:10:31.0250 3364 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:10:31.0265 3364 PDCOMP - ok
19:10:31.0265 3364 PDFRAME - ok
19:10:31.0281 3364 PDRELI - ok
19:10:31.0296 3364 PDRFRAME - ok
19:10:31.0296 3364 perc2 - ok
19:10:31.0312 3364 perc2hib - ok
19:10:31.0406 3364 [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:10:31.0468 3364 PID_PEPI - ok
19:10:31.0531 3364 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
19:10:31.0546 3364 PlugPlay - ok
19:10:31.0593 3364 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
19:10:31.0625 3364 PnkBstrA - ok
19:10:31.0671 3364 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:10:31.0781 3364 PolicyAgent - ok
19:10:31.0828 3364 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:10:31.0953 3364 PptpMiniport - ok
19:10:31.0984 3364 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:10:32.0093 3364 ProtectedStorage - ok
19:10:32.0140 3364 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:10:32.0296 3364 PSched - ok
19:10:32.0312 3364 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:10:32.0453 3364 Ptilink - ok
19:10:32.0468 3364 ql1080 - ok
19:10:32.0484 3364 Ql10wnt - ok
19:10:32.0484 3364 ql12160 - ok
19:10:32.0500 3364 ql1240 - ok
19:10:32.0500 3364 ql1280 - ok
19:10:32.0578 3364 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:10:32.0703 3364 RasAcd - ok
19:10:32.0765 3364 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:10:32.0890 3364 RasAuto - ok
19:10:32.0921 3364 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:10:33.0046 3364 Rasl2tp - ok
19:10:33.0109 3364 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:10:33.0234 3364 RasMan - ok
19:10:33.0250 3364 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:10:33.0390 3364 RasPppoe - ok
19:10:33.0406 3364 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:10:33.0531 3364 Raspti - ok
19:10:33.0562 3364 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:10:33.0671 3364 Rdbss - ok
19:10:33.0703 3364 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:10:33.0843 3364 RDPCDD - ok
19:10:33.0875 3364 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:10:34.0000 3364 rdpdr - ok
19:10:34.0046 3364 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:10:34.0078 3364 RDPWD - ok
19:10:34.0125 3364 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:10:34.0234 3364 RDSessMgr - ok
19:10:34.0265 3364 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:10:34.0390 3364 redbook - ok
19:10:34.0484 3364 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:10:34.0609 3364 RemoteAccess - ok
19:10:34.0656 3364 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:10:34.0765 3364 RemoteRegistry - ok
19:10:34.0828 3364 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:10:34.0953 3364 RpcLocator - ok
19:10:35.0000 3364 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:10:35.0015 3364 RpcSs - ok
19:10:35.0062 3364 [ A3B23FB3F295694091F51865F98588B2 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:10:35.0062 3364 rspndr ( UnsignedFile.Multi.Generic ) - warning
19:10:35.0062 3364 rspndr - detected UnsignedFile.Multi.Generic (1)
19:10:35.0125 3364 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:10:35.0265 3364 RSVP - ok
19:10:35.0281 3364 [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
19:10:35.0312 3364 RTSTOR - ok
19:10:35.0375 3364 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
19:10:35.0484 3364 SamSs - ok
19:10:35.0546 3364 [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
19:10:35.0578 3364 Samsung UPD Service - ok
19:10:35.0640 3364 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:10:35.0656 3364 SASDIFSV - ok
19:10:35.0656 3364 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:10:35.0671 3364 SASKUTIL - ok
19:10:35.0734 3364 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:10:35.0859 3364 SCardSvr - ok
19:10:35.0921 3364 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:10:36.0031 3364 Schedule - ok
19:10:36.0078 3364 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
19:10:36.0078 3364 SE27bus ( UnsignedFile.Multi.Generic ) - warning
19:10:36.0078 3364 SE27bus - detected UnsignedFile.Multi.Generic (1)
19:10:36.0125 3364 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:10:36.0234 3364 Secdrv - ok
19:10:36.0296 3364 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
19:10:36.0406 3364 seclogon - ok
19:10:36.0453 3364 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
19:10:36.0578 3364 SENS - ok
19:10:36.0625 3364 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:10:36.0750 3364 Serial - ok
19:10:36.0796 3364 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:10:36.0906 3364 Sfloppy - ok
19:10:36.0984 3364 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:10:37.0109 3364 SharedAccess - ok
19:10:37.0156 3364 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:10:37.0187 3364 ShellHWDetection - ok
19:10:37.0187 3364 Simbad - ok
19:10:37.0437 3364 [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:10:37.0546 3364 Skype C2C Service - ok
19:10:37.0703 3364 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
19:10:37.0718 3364 SkypeUpdate - ok
19:10:37.0796 3364 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:10:37.0906 3364 SLIP - ok
19:10:37.0984 3364 [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
19:10:38.0062 3364 smserial - ok
19:10:38.0078 3364 Sparrow - ok
19:10:38.0125 3364 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
19:10:38.0140 3364 speedfan - ok
19:10:38.0187 3364 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:10:38.0296 3364 splitter - ok
19:10:38.0343 3364 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:10:38.0375 3364 Spooler - ok
19:10:38.0453 3364 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
19:10:38.0484 3364 sptd - ok
19:10:38.0500 3364 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:10:38.0609 3364 sr - ok
19:10:38.0703 3364 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
19:10:38.0828 3364 srservice - ok
19:10:38.0859 3364 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:10:38.0906 3364 Srv - ok
19:10:38.0953 3364 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:10:39.0062 3364 SSDPSRV - ok
19:10:39.0109 3364 [ 5EC550B8952882EE856B862CF648522D ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:10:39.0125 3364 ssmdrv - ok
19:10:39.0187 3364 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:10:39.0312 3364 stisvc - ok
19:10:39.0343 3364 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:10:39.0468 3364 streamip - ok
19:10:39.0500 3364 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:10:39.0625 3364 swenum - ok
19:10:39.0671 3364 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:10:39.0781 3364 swmidi - ok
19:10:39.0843 3364 SwPrv - ok
19:10:39.0843 3364 symc810 - ok
19:10:39.0859 3364 symc8xx - ok
19:10:39.0906 3364 [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent C:\Programme\Symantec\SYMEVENT.SYS
19:10:39.0921 3364 SymEvent - ok
19:10:39.0937 3364 sym_hi - ok
19:10:39.0953 3364 sym_u3 - ok
19:10:39.0984 3364 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:10:40.0015 3364 SynTP - ok
19:10:40.0046 3364 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:10:40.0171 3364 sysaudio - ok
19:10:40.0250 3364 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:10:40.0375 3364 SysmonLog - ok
19:10:40.0421 3364 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:10:40.0546 3364 TapiSrv - ok
19:10:40.0578 3364 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:10:40.0625 3364 Tcpip - ok
19:10:40.0671 3364 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:10:40.0781 3364 TDPIPE - ok
19:10:40.0796 3364 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:10:40.0921 3364 TDTCP - ok
19:10:40.0953 3364 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:10:41.0062 3364 TermDD - ok
19:10:41.0125 3364 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
19:10:41.0250 3364 TermService - ok
19:10:41.0296 3364 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:10:41.0328 3364 Themes - ok
19:10:41.0390 3364 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:10:41.0515 3364 TlntSvr - ok
19:10:41.0531 3364 TosIde - ok
19:10:41.0593 3364 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:10:41.0734 3364 TrkWks - ok
19:10:41.0765 3364 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:10:41.0875 3364 Udfs - ok
19:10:41.0953 3364 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
19:10:41.0968 3364 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
19:10:41.0968 3364 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
19:10:41.0984 3364 ultra - ok
19:10:42.0031 3364 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:10:42.0156 3364 Update - ok
19:10:42.0218 3364 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:10:42.0343 3364 upnphost - ok
19:10:42.0406 3364 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
19:10:42.0531 3364 UPS - ok
19:10:42.0562 3364 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:10:42.0593 3364 USBAAPL - ok
19:10:42.0625 3364 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:10:42.0750 3364 usbaudio - ok
19:10:42.0765 3364 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:10:42.0890 3364 usbccgp - ok
19:10:42.0921 3364 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:10:43.0046 3364 usbehci - ok
19:10:43.0062 3364 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:10:43.0187 3364 usbhub - ok
19:10:43.0203 3364 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:10:43.0343 3364 usbohci - ok
19:10:43.0375 3364 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:10:43.0500 3364 usbprint - ok
19:10:43.0531 3364 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:10:43.0656 3364 usbscan - ok
19:10:43.0656 3364 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:10:43.0781 3364 usbstor - ok
19:10:43.0812 3364 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:10:43.0937 3364 VgaSave - ok
19:10:43.0953 3364 ViaIde - ok
19:10:43.0984 3364 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:10:44.0109 3364 VolSnap - ok
19:10:44.0203 3364 [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
19:10:44.0234 3364 vpnagent - ok
19:10:44.0281 3364 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
19:10:44.0296 3364 vpnva - ok
19:10:44.0390 3364 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
19:10:44.0515 3364 VSS - ok
19:10:44.0578 3364 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
19:10:44.0687 3364 W32Time - ok
19:10:44.0703 3364 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:10:44.0828 3364 Wanarp - ok
19:10:44.0828 3364 WDICA - ok
19:10:44.0875 3364 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:10:45.0000 3364 wdmaud - ok
19:10:45.0062 3364 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:10:45.0187 3364 WebClient - ok
19:10:45.0250 3364 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:10:45.0375 3364 winmgmt - ok
19:10:45.0437 3364 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:10:45.0453 3364 WmdmPmSN - ok
19:10:45.0515 3364 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:10:45.0562 3364 Wmi - ok
19:10:45.0593 3364 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:10:45.0718 3364 WmiApSrv - ok
19:10:45.0828 3364 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
19:10:45.0875 3364 WMPNetworkSvc - ok
19:10:45.0921 3364 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:10:46.0078 3364 WS2IFSL - ok
19:10:46.0156 3364 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:10:46.0281 3364 wscsvc - ok
19:10:46.0312 3364 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:10:46.0421 3364 WSTCODEC - ok
19:10:46.0500 3364 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:10:46.0609 3364 wuauserv - ok
19:10:46.0640 3364 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:10:46.0671 3364 WudfPf - ok
19:10:46.0687 3364 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:10:46.0703 3364 WudfRd - ok
19:10:46.0781 3364 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:10:46.0812 3364 WudfSvc - ok
19:10:46.0890 3364 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:10:47.0031 3364 WZCSVC - ok
19:10:47.0093 3364 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:10:47.0203 3364 xmlprov - ok
19:10:47.0218 3364 ================ Scan global ===============================
19:10:47.0359 3364 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:10:47.0468 3364 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:10:47.0546 3364 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:10:47.0609 3364 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:10:47.0609 3364 [Global] - ok
19:10:47.0609 3364 ================ Scan MBR ==================================
19:10:47.0640 3364 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:10:47.0812 3364 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:10:47.0812 3364 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:10:47.0812 3364 ================ Scan VBR ==================================
19:10:47.0812 3364 [ BF30917383F8E116AC1A4405BC6C3D08 ] \Device\Harddisk0\DR0\Partition1
19:10:47.0812 3364 \Device\Harddisk0\DR0\Partition1 - ok
19:10:47.0843 3364 [ FE176BB4F15D15B35F394F0B48DA185C ] \Device\Harddisk0\DR0\Partition2
19:10:47.0843 3364 \Device\Harddisk0\DR0\Partition2 - ok
19:10:47.0843 3364 ============================================================
19:10:47.0843 3364 Scan finished
19:10:47.0843 3364 ============================================================
19:10:47.0953 1436 Detected object count: 11
19:10:47.0953 1436 Actual detected object count: 11
19:12:14.0093 1436 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0093 1436 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0093 1436 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0093 1436 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0109 1436 ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436 ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0109 1436 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0109 1436 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0109 1436 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0109 1436 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0109 1436 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:14.0265 1436 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:12:14.0265 1436 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
19:12:14.0265 1436 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
19:12:14.0281 1436 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
19:12:14.0281 1436 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
19:12:14.0281 1436 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
19:12:14.0281 1436 \Device\Harddisk0\DR0\TDLFS - deleted
19:12:14.0281 1436 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
Code:
ATTFilter 19:16:42.0906 0292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:16:43.0250 0292 ============================================================
19:16:43.0250 0292 Current date / time: 2012/11/19 19:16:43.0250
19:16:43.0250 0292 SystemInfo:
19:16:43.0250 0292
19:16:43.0250 0292 OS Version: 5.1.2600 ServicePack: 3.0
19:16:43.0250 0292 Product type: Workstation
19:16:43.0250 0292 ComputerName: DACHS
19:16:43.0250 0292 UserName: jens
19:16:43.0250 0292 Windows directory: C:\WINDOWS
19:16:43.0250 0292 System windows directory: C:\WINDOWS
19:16:43.0250 0292 Processor architecture: Intel x86
19:16:43.0250 0292 Number of processors: 2
19:16:43.0250 0292 Page size: 0x1000
19:16:43.0250 0292 Boot type: Normal boot
19:16:43.0250 0292 ============================================================
19:16:44.0343 0292 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:16:44.0390 0292 ============================================================
19:16:44.0390 0292 \Device\Harddisk0\DR0:
19:16:44.0406 0292 MBR partitions:
19:16:44.0406 0292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
19:16:44.0421 0292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
19:16:44.0421 0292 ============================================================
19:16:44.0437 0292 C: <-> \Device\Harddisk0\DR0\Partition1
19:16:44.0453 0292 D: <-> \Device\Harddisk0\DR0\Partition2
19:16:44.0453 0292 ============================================================
19:16:44.0453 0292 Initialize success
19:16:44.0453 0292 ============================================================
19:16:58.0828 0532 ============================================================
19:16:58.0828 0532 Scan started
19:16:58.0828 0532 Mode: Manual; SigCheck; TDLFS;
19:16:58.0828 0532 ============================================================
19:16:58.0921 0532 ================ Scan system memory ========================
19:16:58.0921 0532 System memory - ok
19:16:58.0921 0532 ================ Scan services =============================
19:16:59.0203 0532 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Programme\SUPERAntiSpyware\SASCORE.EXE
19:16:59.0406 0532 !SASCORE - ok
19:16:59.0468 0532 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:16:59.0640 0532 Aavmker4 - ok
19:16:59.0656 0532 Abiosdsk - ok
19:16:59.0656 0532 abp480n5 - ok
19:16:59.0703 0532 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:17:01.0093 0532 ACPI - ok
19:17:01.0125 0532 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:17:01.0312 0532 ACPIEC - ok
19:17:01.0359 0532 [ E850B0A94E8703CCBC980B31594DC408 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
19:17:01.0375 0532 acsint - ok
19:17:01.0406 0532 [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
19:17:01.0421 0532 acsmux - ok
19:17:01.0484 0532 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
19:17:01.0500 0532 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:17:01.0500 0532 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:17:01.0500 0532 adpu160m - ok
19:17:01.0546 0532 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:17:01.0687 0532 aec - ok
19:17:01.0734 0532 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:17:01.0765 0532 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:17:01.0765 0532 AegisP - detected UnsignedFile.Multi.Generic (1)
19:17:01.0812 0532 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:17:01.0890 0532 AFD - ok
19:17:01.0890 0532 Aha154x - ok
19:17:01.0906 0532 aic78u2 - ok
19:17:01.0921 0532 aic78xx - ok
19:17:01.0968 0532 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:17:02.0109 0532 Alerter - ok
19:17:02.0156 0532 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
19:17:02.0281 0532 ALG - ok
19:17:02.0281 0532 AliIde - ok
19:17:02.0296 0532 amsint - ok
19:17:02.0390 0532 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:17:02.0390 0532 Apple Mobile Device - ok
19:17:02.0468 0532 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:17:02.0625 0532 AppMgmt - ok
19:17:02.0640 0532 asc - ok
19:17:02.0656 0532 asc3350p - ok
19:17:02.0656 0532 asc3550 - ok
19:17:02.0734 0532 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\ATK0100\ASNDIS5.SYS
19:17:02.0750 0532 ASNDIS5 - ok
19:17:02.0828 0532 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:17:02.0843 0532 aspnet_state - ok
19:17:02.0875 0532 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:17:02.0890 0532 aswFsBlk - ok
19:17:02.0906 0532 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:17:02.0921 0532 aswMon2 - ok
19:17:02.0953 0532 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
19:17:02.0968 0532 aswRdr - ok
19:17:03.0015 0532 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:17:03.0046 0532 aswSnx - ok
19:17:03.0078 0532 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:17:03.0109 0532 aswSP - ok
19:17:03.0125 0532 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:17:03.0140 0532 aswTdi - ok
19:17:03.0187 0532 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:17:03.0328 0532 AsyncMac - ok
19:17:03.0359 0532 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:17:03.0468 0532 atapi - ok
19:17:03.0515 0532 [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002 C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
19:17:03.0562 0532 AtcL002 - ok
19:17:03.0562 0532 Atdisk - ok
19:17:03.0687 0532 [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:17:03.0796 0532 Ati HotKey Poller - ok
19:17:03.0890 0532 [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:17:04.0031 0532 ati2mtag - ok
19:17:04.0140 0532 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:17:04.0171 0532 atksgt - ok
19:17:04.0218 0532 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:17:04.0343 0532 Atmarpc - ok
19:17:04.0453 0532 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:17:04.0593 0532 AudioSrv - ok
19:17:04.0640 0532 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:17:04.0765 0532 audstub - ok
19:17:04.0859 0532 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
19:17:04.0875 0532 avast! Antivirus - ok
19:17:04.0937 0532 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:17:05.0015 0532 BCM43XX - ok
19:17:05.0031 0532 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:17:05.0171 0532 Beep - ok
19:17:05.0234 0532 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
19:17:05.0375 0532 BITS - ok
19:17:05.0453 0532 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
19:17:05.0500 0532 Bonjour Service - ok
19:17:05.0562 0532 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
19:17:05.0625 0532 Browser - ok
19:17:05.0718 0532 catchme - ok
19:17:05.0750 0532 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:17:05.0875 0532 cbidf2k - ok
19:17:05.0921 0532 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:17:06.0031 0532 CCDECODE - ok
19:17:06.0031 0532 cd20xrnt - ok
19:17:06.0062 0532 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:17:06.0203 0532 Cdaudio - ok
19:17:06.0250 0532 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:17:06.0359 0532 Cdfs - ok
19:17:06.0390 0532 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:17:06.0500 0532 Cdrom - ok
19:17:06.0515 0532 Changer - ok
19:17:06.0593 0532 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:17:06.0734 0532 CiSvc - ok
19:17:06.0796 0532 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:17:06.0921 0532 ClipSrv - ok
19:17:06.0984 0532 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:17:07.0000 0532 clr_optimization_v2.0.50727_32 - ok
19:17:07.0031 0532 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:17:07.0156 0532 CmBatt - ok
19:17:07.0171 0532 CmdIde - ok
19:17:07.0187 0532 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:17:07.0312 0532 Compbatt - ok
19:17:07.0359 0532 COMSysApp - ok
19:17:07.0375 0532 Cpqarray - ok
19:17:07.0500 0532 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:17:07.0640 0532 CryptSvc - ok
19:17:07.0656 0532 dac2w2k - ok
19:17:07.0656 0532 dac960nt - ok
19:17:07.0703 0532 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:17:07.0781 0532 DcomLaunch - ok
19:17:07.0843 0532 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:17:07.0968 0532 Dhcp - ok
19:17:08.0000 0532 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:17:08.0109 0532 Disk - ok
19:17:08.0156 0532 dmadmin - ok
19:17:08.0281 0532 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:17:08.0437 0532 dmboot - ok
19:17:08.0468 0532 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:17:08.0593 0532 dmio - ok
19:17:08.0593 0532 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:17:08.0718 0532 dmload - ok
19:17:08.0765 0532 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:17:08.0890 0532 dmserver - ok
19:17:08.0921 0532 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:17:09.0046 0532 DMusic - ok
19:17:09.0109 0532 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:17:09.0171 0532 Dnscache - ok
19:17:09.0250 0532 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:17:09.0390 0532 Dot3svc - ok
19:17:09.0406 0532 dpti2o - ok
19:17:09.0437 0532 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:17:09.0546 0532 drmkaud - ok
19:17:09.0609 0532 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:17:09.0734 0532 EapHost - ok
19:17:09.0812 0532 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:17:09.0953 0532 ERSvc - ok
19:17:10.0015 0532 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
19:17:10.0046 0532 Eventlog - ok
19:17:10.0109 0532 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
19:17:10.0171 0532 EventSystem - ok
19:17:10.0203 0532 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:17:10.0312 0532 Fastfat - ok
19:17:10.0359 0532 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:17:10.0406 0532 FastUserSwitchingCompatibility - ok
19:17:10.0437 0532 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:17:10.0546 0532 Fdc - ok
19:17:10.0562 0532 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:17:10.0687 0532 Fips - ok
19:17:10.0718 0532 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:17:10.0843 0532 Flpydisk - ok
19:17:10.0875 0532 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:17:11.0000 0532 FltMgr - ok
19:17:11.0109 0532 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:17:11.0125 0532 FontCache3.0.0.0 - ok
19:17:11.0156 0532 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:17:11.0296 0532 Fs_Rec - ok
19:17:11.0312 0532 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:17:11.0453 0532 Ftdisk - ok
19:17:11.0500 0532 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:17:11.0500 0532 GEARAspiWDM - ok
19:17:11.0546 0532 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
19:17:11.0578 0532 giveio ( UnsignedFile.Multi.Generic ) - warning
19:17:11.0578 0532 giveio - detected UnsignedFile.Multi.Generic (1)
19:17:11.0609 0532 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:17:11.0734 0532 Gpc - ok
19:17:11.0765 0532 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:17:11.0890 0532 HDAudBus - ok
19:17:11.0937 0532 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:17:12.0062 0532 helpsvc - ok
19:17:12.0093 0532 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
19:17:12.0218 0532 HidServ - ok
19:17:12.0250 0532 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:17:12.0375 0532 HidUsb - ok
19:17:12.0453 0532 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:17:12.0578 0532 hkmsvc - ok
19:17:12.0578 0532 hpn - ok
19:17:12.0640 0532 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:17:12.0703 0532 HTTP - ok
19:17:12.0765 0532 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:17:12.0890 0532 HTTPFilter - ok
19:17:12.0906 0532 i2omgmt - ok
19:17:12.0906 0532 i2omp - ok
19:17:12.0937 0532 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:17:13.0062 0532 i8042prt - ok
19:17:13.0140 0532 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:17:13.0156 0532 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:17:13.0156 0532 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:17:13.0234 0532 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:17:13.0296 0532 idsvc - ok
19:17:13.0328 0532 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:17:13.0453 0532 Imapi - ok
19:17:13.0515 0532 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
19:17:13.0640 0532 ImapiService - ok
19:17:13.0656 0532 ini910u - ok
19:17:13.0859 0532 [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:17:14.0093 0532 IntcAzAudAddService - ok
19:17:14.0156 0532 IntelIde - ok
19:17:14.0171 0532 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:17:14.0312 0532 intelppm - ok
19:17:14.0343 0532 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:17:14.0453 0532 Ip6Fw - ok
19:17:14.0484 0532 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:17:14.0625 0532 IpFilterDriver - ok
19:17:14.0656 0532 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:17:14.0796 0532 IpInIp - ok
19:17:14.0828 0532 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:17:14.0968 0532 IpNat - ok
19:17:15.0078 0532 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
19:17:15.0140 0532 iPod Service - ok
19:17:15.0187 0532 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:17:15.0328 0532 IPSec - ok
19:17:15.0359 0532 [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio C:\WINDOWS\system32\DRIVERS\ipswuio.sys
19:17:15.0375 0532 ipswuio ( UnsignedFile.Multi.Generic ) - warning
19:17:15.0375 0532 ipswuio - detected UnsignedFile.Multi.Generic (1)
19:17:15.0406 0532 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:17:15.0531 0532 IRENUM - ok
19:17:15.0578 0532 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:17:15.0734 0532 isapnp - ok
19:17:15.0843 0532 [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
19:17:15.0859 0532 JavaQuickStarterService - ok
19:17:15.0890 0532 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:17:16.0031 0532 Kbdclass - ok
19:17:16.0046 0532 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:17:16.0171 0532 kbdhid - ok
19:17:16.0234 0532 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:17:16.0359 0532 kmixer - ok
19:17:16.0390 0532 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:17:16.0453 0532 KSecDD - ok
19:17:16.0515 0532 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:17:16.0578 0532 lanmanserver - ok
19:17:16.0703 0532 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:17:16.0765 0532 lanmanworkstation - ok
19:17:16.0781 0532 lbrtfdc - ok
19:17:16.0859 0532 [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:17:16.0890 0532 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:17:16.0890 0532 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:17:16.0921 0532 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:17:16.0937 0532 lirsgt - ok
19:17:17.0000 0532 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:17:17.0125 0532 LmHosts - ok
19:17:17.0156 0532 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
19:17:17.0171 0532 LVUSBSta - ok
19:17:17.0218 0532 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:17:17.0343 0532 Messenger - ok
19:17:17.0375 0532 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:17:17.0515 0532 mnmdd - ok
19:17:17.0546 0532 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:17:17.0671 0532 mnmsrvc - ok
19:17:17.0703 0532 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:17:17.0843 0532 Modem - ok
19:17:17.0859 0532 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:17:18.0000 0532 MODEMCSA - ok
19:17:18.0031 0532 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:17:18.0156 0532 Mouclass - ok
19:17:18.0187 0532 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:17:18.0328 0532 mouhid - ok
19:17:18.0359 0532 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:17:18.0468 0532 MountMgr - ok
19:17:18.0531 0532 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:17:18.0562 0532 MozillaMaintenance - ok
19:17:18.0640 0532 MpKsl9753d9dd - ok
19:17:18.0656 0532 mraid35x - ok
19:17:18.0687 0532 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:17:18.0828 0532 MRxDAV - ok
19:17:18.0875 0532 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:17:18.0953 0532 MRxSmb - ok
19:17:19.0015 0532 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:17:19.0140 0532 MSDTC - ok
19:17:19.0171 0532 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:17:19.0296 0532 Msfs - ok
19:17:19.0328 0532 MSIServer - ok
19:17:19.0421 0532 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:17:19.0546 0532 MSKSSRV - ok
19:17:19.0625 0532 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:17:19.0734 0532 MSPCLOCK - ok
19:17:19.0750 0532 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:17:19.0875 0532 MSPQM - ok
19:17:19.0906 0532 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:17:20.0015 0532 mssmbios - ok
19:17:20.0031 0532 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:17:20.0156 0532 MSTEE - ok
19:17:20.0203 0532 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
19:17:20.0203 0532 MTsensor - ok
19:17:20.0250 0532 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:17:20.0312 0532 Mup - ok
19:17:20.0328 0532 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:17:20.0468 0532 NABTSFEC - ok
19:17:20.0546 0532 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
19:17:20.0687 0532 napagent - ok
19:17:20.0718 0532 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:17:20.0828 0532 NDIS - ok
19:17:20.0859 0532 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:17:20.0984 0532 NdisIP - ok
19:17:21.0015 0532 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:17:21.0062 0532 NdisTapi - ok
19:17:21.0109 0532 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:17:21.0234 0532 Ndisuio - ok
19:17:21.0265 0532 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:17:21.0406 0532 NdisWan - ok
19:17:21.0437 0532 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:17:21.0484 0532 NDProxy - ok
19:17:21.0500 0532 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:17:21.0625 0532 NetBIOS - ok
19:17:21.0656 0532 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\NETBT.SYS
19:17:21.0796 0532 NetBT - ok
19:17:21.0859 0532 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
19:17:21.0984 0532 NetDDE - ok
19:17:22.0000 0532 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:17:22.0109 0532 NetDDEdsdm - ok
19:17:22.0218 0532 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:17:22.0343 0532 Netlogon - ok
19:17:22.0406 0532 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
19:17:22.0546 0532 Netman - ok
19:17:22.0687 0532 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:17:22.0703 0532 NetTcpPortSharing - ok
19:17:22.0765 0532 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
19:17:22.0812 0532 Nla - ok
19:17:22.0828 0532 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:17:22.0937 0532 Npfs - ok
19:17:23.0000 0532 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:17:23.0171 0532 Ntfs - ok
19:17:23.0203 0532 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:17:23.0312 0532 NtLmSsp - ok
19:17:23.0421 0532 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:17:23.0578 0532 NtmsSvc - ok
19:17:23.0640 0532 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:17:23.0765 0532 Null - ok
19:17:23.0796 0532 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:17:23.0937 0532 NwlnkFlt - ok
19:17:23.0937 0532 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:17:24.0093 0532 NwlnkFwd - ok
19:17:24.0125 0532 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:17:24.0250 0532 Parport - ok
19:17:24.0281 0532 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:17:24.0390 0532 PartMgr - ok
19:17:24.0406 0532 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:17:24.0546 0532 ParVdm - ok
19:17:24.0562 0532 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:17:24.0671 0532 PCI - ok
19:17:24.0671 0532 PCIDump - ok
19:17:24.0703 0532 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:17:24.0828 0532 PCIIde - ok
19:17:24.0859 0532 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:17:25.0000 0532 Pcmcia - ok
19:17:25.0031 0532 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
19:17:25.0046 0532 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:17:25.0046 0532 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:17:25.0046 0532 PDCOMP - ok
19:17:25.0062 0532 PDFRAME - ok
19:17:25.0078 0532 PDRELI - ok
19:17:25.0078 0532 PDRFRAME - ok
19:17:25.0093 0532 perc2 - ok
19:17:25.0109 0532 perc2hib - ok
19:17:25.0203 0532 [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:17:25.0296 0532 PID_PEPI - ok
19:17:25.0375 0532 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
19:17:25.0390 0532 PlugPlay - ok
19:17:25.0453 0532 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
19:17:25.0468 0532 PnkBstrA - ok
19:17:25.0515 0532 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:17:25.0625 0532 PolicyAgent - ok
19:17:25.0687 0532 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:17:25.0812 0532 PptpMiniport - ok
19:17:25.0828 0532 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:17:25.0937 0532 ProtectedStorage - ok
19:17:25.0984 0532 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:17:26.0156 0532 PSched - ok
19:17:26.0156 0532 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:17:26.0312 0532 Ptilink - ok
19:17:26.0312 0532 ql1080 - ok
19:17:26.0328 0532 Ql10wnt - ok
19:17:26.0343 0532 ql12160 - ok
19:17:26.0343 0532 ql1240 - ok
19:17:26.0359 0532 ql1280 - ok
19:17:26.0421 0532 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:17:26.0562 0532 RasAcd - ok
19:17:26.0625 0532 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:17:26.0750 0532 RasAuto - ok
19:17:26.0781 0532 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:17:26.0906 0532 Rasl2tp - ok
19:17:26.0968 0532 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:17:27.0125 0532 RasMan - ok
19:17:27.0125 0532 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:17:27.0265 0532 RasPppoe - ok
19:17:27.0281 0532 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:17:27.0421 0532 Raspti - ok
19:17:27.0453 0532 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:17:27.0562 0532 Rdbss - ok
19:17:27.0593 0532 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:17:27.0734 0532 RDPCDD - ok
19:17:27.0765 0532 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:17:27.0906 0532 rdpdr - ok
19:17:27.0953 0532 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:17:28.0015 0532 RDPWD - ok
19:17:28.0046 0532 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:17:28.0171 0532 RDSessMgr - ok
19:17:28.0218 0532 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:17:28.0328 0532 redbook - ok
19:17:28.0421 0532 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:17:28.0562 0532 RemoteAccess - ok
19:17:28.0593 0532 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:17:28.0718 0532 RemoteRegistry - ok
19:17:28.0781 0532 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:17:28.0906 0532 RpcLocator - ok
19:17:28.0953 0532 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:17:28.0984 0532 RpcSs - ok
19:17:29.0031 0532 [ A3B23FB3F295694091F51865F98588B2 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:17:29.0031 0532 rspndr ( UnsignedFile.Multi.Generic ) - warning
19:17:29.0031 0532 rspndr - detected UnsignedFile.Multi.Generic (1)
19:17:29.0093 0532 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:17:29.0234 0532 RSVP - ok
19:17:29.0265 0532 [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
19:17:29.0312 0532 RTSTOR - ok
19:17:29.0375 0532 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
19:17:29.0484 0532 SamSs - ok
19:17:29.0546 0532 [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
19:17:29.0578 0532 Samsung UPD Service - ok
19:17:29.0671 0532 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:17:29.0687 0532 SASDIFSV - ok
19:17:29.0703 0532 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:17:29.0718 0532 SASKUTIL - ok
19:17:29.0765 0532 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:17:29.0906 0532 SCardSvr - ok
19:17:29.0968 0532 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:17:30.0093 0532 Schedule - ok
19:17:30.0140 0532 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
19:17:30.0140 0532 SE27bus ( UnsignedFile.Multi.Generic ) - warning
19:17:30.0140 0532 SE27bus - detected UnsignedFile.Multi.Generic (1)
19:17:30.0187 0532 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:17:30.0296 0532 Secdrv - ok
19:17:30.0359 0532 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
19:17:30.0468 0532 seclogon - ok
19:17:30.0515 0532 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
19:17:30.0656 0532 SENS - ok
19:17:30.0687 0532 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:17:30.0828 0532 Serial - ok
19:17:30.0859 0532 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:17:30.0968 0532 Sfloppy - ok
19:17:31.0046 0532 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:17:31.0187 0532 SharedAccess - ok
19:17:31.0234 0532 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:17:31.0265 0532 ShellHWDetection - ok
19:17:31.0281 0532 Simbad - ok
19:17:31.0500 0532 [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:17:31.0718 0532 Skype C2C Service - ok
19:17:31.0890 0532 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
19:17:31.0921 0532 SkypeUpdate - ok
19:17:31.0984 0532 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:17:32.0093 0532 SLIP - ok
19:17:32.0171 0532 [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
19:17:32.0281 0532 smserial - ok
19:17:32.0296 0532 Sparrow - ok
19:17:32.0359 0532 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
19:17:32.0375 0532 speedfan - ok
19:17:32.0421 0532 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:17:32.0546 0532 splitter - ok
19:17:32.0609 0532 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:17:32.0656 0532 Spooler - ok
19:17:32.0718 0532 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
19:17:32.0781 0532 sptd - ok
19:17:32.0796 0532 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:17:32.0921 0532 sr - ok
19:17:33.0015 0532 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
19:17:33.0156 0532 srservice - ok
19:17:33.0187 0532 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:17:33.0296 0532 Srv - ok
19:17:33.0359 0532 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:17:33.0484 0532 SSDPSRV - ok
19:17:33.0531 0532 [ 5EC550B8952882EE856B862CF648522D ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:17:33.0546 0532 ssmdrv - ok
19:17:33.0609 0532 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:17:33.0765 0532 stisvc - ok
19:17:33.0796 0532 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:17:33.0921 0532 streamip - ok
19:17:33.0953 0532 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:17:34.0078 0532 swenum - ok
19:17:34.0109 0532 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:17:34.0218 0532 swmidi - ok
19:17:34.0281 0532 SwPrv - ok
19:17:34.0296 0532 symc810 - ok
19:17:34.0312 0532 symc8xx - ok
19:17:34.0359 0532 [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent C:\Programme\Symantec\SYMEVENT.SYS
19:17:34.0375 0532 SymEvent - ok
19:17:34.0390 0532 sym_hi - ok
19:17:34.0406 0532 sym_u3 - ok
19:17:34.0437 0532 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:17:34.0515 0532 SynTP - ok
19:17:34.0546 0532 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:17:34.0671 0532 sysaudio - ok
19:17:34.0750 0532 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:17:34.0890 0532 SysmonLog - ok
19:17:34.0953 0532 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:17:35.0093 0532 TapiSrv - ok
19:17:35.0140 0532 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:17:35.0203 0532 Tcpip - ok
19:17:35.0265 0532 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:17:35.0375 0532 TDPIPE - ok
19:17:35.0390 0532 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:17:35.0515 0532 TDTCP - ok
19:17:35.0546 0532 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:17:35.0656 0532 TermDD - ok
19:17:35.0718 0532 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
19:17:35.0859 0532 TermService - ok
19:17:35.0921 0532 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:17:35.0937 0532 Themes - ok
19:17:36.0000 0532 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:17:36.0125 0532 TlntSvr - ok
19:17:36.0140 0532 TosIde - ok
19:17:36.0203 0532 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:17:36.0343 0532 TrkWks - ok
19:17:36.0375 0532 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:17:36.0484 0532 Udfs - ok
19:17:36.0593 0532 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
19:17:36.0609 0532 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
19:17:36.0609 0532 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
19:17:36.0625 0532 ultra - ok
19:17:36.0687 0532 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:17:36.0828 0532 Update - ok
19:17:36.0890 0532 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:17:37.0031 0532 upnphost - ok
19:17:37.0078 0532 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
19:17:37.0203 0532 UPS - ok
19:17:37.0234 0532 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:17:37.0281 0532 USBAAPL - ok
19:17:37.0312 0532 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:17:37.0437 0532 usbaudio - ok
19:17:37.0453 0532 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:17:37.0578 0532 usbccgp - ok
19:17:37.0609 0532 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:17:37.0718 0532 usbehci - ok
19:17:37.0750 0532 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:17:37.0890 0532 usbhub - ok
19:17:37.0921 0532 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:17:38.0031 0532 usbohci - ok
19:17:38.0078 0532 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:17:38.0203 0532 usbprint - ok
19:17:38.0218 0532 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:17:38.0343 0532 usbscan - ok
19:17:38.0359 0532 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:17:38.0484 0532 usbstor - ok
19:17:38.0515 0532 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:17:38.0640 0532 VgaSave - ok
19:17:38.0656 0532 ViaIde - ok
19:17:38.0687 0532 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:17:38.0812 0532 VolSnap - ok
19:17:38.0906 0532 [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
19:17:38.0953 0532 vpnagent - ok
19:17:38.0968 0532 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
19:17:38.0984 0532 vpnva - ok
19:17:39.0078 0532 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
19:17:39.0218 0532 VSS - ok
19:17:39.0265 0532 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
19:17:39.0406 0532 W32Time - ok
19:17:39.0437 0532 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:17:39.0562 0532 Wanarp - ok
19:17:39.0578 0532 WDICA - ok
19:17:39.0609 0532 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:17:39.0750 0532 wdmaud - ok
19:17:39.0796 0532 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:17:39.0937 0532 WebClient - ok
19:17:40.0000 0532 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:17:40.0125 0532 winmgmt - ok
19:17:40.0187 0532 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:17:40.0234 0532 WmdmPmSN - ok
19:17:40.0296 0532 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:17:40.0406 0532 Wmi - ok
19:17:40.0437 0532 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:17:40.0578 0532 WmiApSrv - ok
19:17:40.0687 0532 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
19:17:40.0796 0532 WMPNetworkSvc - ok
19:17:40.0843 0532 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:17:41.0000 0532 WS2IFSL - ok
19:17:41.0125 0532 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:17:41.0265 0532 wscsvc - ok
19:17:41.0296 0532 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:17:41.0421 0532 WSTCODEC - ok
19:17:41.0500 0532 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:17:41.0625 0532 wuauserv - ok
19:17:41.0671 0532 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:17:41.0687 0532 WudfPf - ok
19:17:41.0703 0532 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:17:41.0734 0532 WudfRd - ok
19:17:41.0812 0532 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:17:41.0843 0532 WudfSvc - ok
19:17:41.0906 0532 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:17:42.0078 0532 WZCSVC - ok
19:17:42.0140 0532 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:17:42.0265 0532 xmlprov - ok
19:17:42.0281 0532 ================ Scan global ===============================
19:17:42.0390 0532 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:17:42.0515 0532 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:17:42.0593 0532 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:17:42.0656 0532 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:17:42.0656 0532 [Global] - ok
19:17:42.0656 0532 ================ Scan MBR ==================================
19:17:42.0687 0532 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:17:42.0921 0532 \Device\Harddisk0\DR0 - ok
19:17:42.0921 0532 ================ Scan VBR ==================================
19:17:42.0921 0532 [ D9EC8C4A659D1AFB1A543A22BDDAA6B5 ] \Device\Harddisk0\DR0\Partition1
19:17:42.0921 0532 \Device\Harddisk0\DR0\Partition1 - ok
19:17:42.0937 0532 [ 6C84868757949F188DDEBAB3A3D0E0B6 ] \Device\Harddisk0\DR0\Partition2
19:17:42.0937 0532 \Device\Harddisk0\DR0\Partition2 - ok
19:17:42.0937 0532 ============================================================
19:17:42.0937 0532 Scan finished
19:17:42.0937 0532 ============================================================
19:17:43.0078 0520 Detected object count: 10
19:17:43.0078 0520 Actual detected object count: 10
19:17:55.0312 0520 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0312 0520 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0312 0520 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0312 0520 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0312 0520 ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520 ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0328 0520 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0328 0520 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0328 0520 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0328 0520 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:55.0328 0520 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
19.11.2012, 19:57
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2012, 20:06
| #14 |
| | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Hier ist die Logdatei: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 19/11/2012 um 20:04:55 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : jens - DACHS
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Programme\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\pdfforge.org
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\pdfforge.org
Schlüssel Gefunden : HKU\S-1-5-21-906765128-4224003750-1731297779-1004\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKU\S-1-5-21-906765128-4224003750-1731297779-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1944 octets] - [19/11/2012 20:04:55]
########## EOF - C:\AdwCleaner[R1].txt - [2004 octets] ##########
|
|
19.11.2012, 20:17
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Versuch bitte alle im adwCleaner-Log erwähnten Einträge (wie zB conduit oder pdfforge.org) über die Systemsteuerung zu deinstallieren, danach ein neues Suchlog mit dem adwCleaner machen. Reste und was sich nicht deinstallieren lassen will machen wir mit dem adwCleaner weg.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? |
| 0xc0000001, adobe, antivirus, application/pdf:, avast, avira, bho, bonjour, brief, converter, e-banking, error, fehler, firefox, flash player, gefährlich?, gen-nullo, infizierte, install.exe, jdownloader, load.tubes, mozilla, mp3, object, photoshop, plug-in, realtek, rundll, software, starten, superantispyware, symantec, trojaner, udp, usb 2.0, windows internet, wlan, wscript.exe |
Linear-Darstellung
