| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner AAJX (?)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.03.2013, 21:52
| #1 |
| |  Trojaner AAJX (?) Hallo liebe Trojaner-Experten. Ich habe wohl ein Trojanerproblem. Ich habe bis heute Sophos Anti-Virus benutzt, das seit ca. Mitte letzter Woche wiederholt eine Meldung gezeigt hat, dass es einen Trojaner namens AAJX (den ganzen Namen habe ich mir leider nicht aufgeschrieben :/) in Quarantäne gesteckt hat, auch während ich gerade nicht im Internet gesurft habe oder Ähnliches. Ich habe daraus geschlossen, dass ich mir irgendeine Schadsoftware eingefangen habe, die Trojaner herunterlädt. Daraufhin habe ich einen Systemscan gemacht, wobei Sophos jedoch ebenfalls nur diesen Trojaner gefunden und in Quarantäne gesteckt hat. Danach wurde mir jedoch abermals diese Meldung gezeigt, weshalb ich der Ansicht war, dass die Ursache dadurch wohl nicht beseitigt war. Daraufhin habe ich heute einen anderen Virenscanner ausprobieren wollen, da ja manche Schadprogramme von den einen nicht gefunden werden, von den anderen aber doch, und habe mir AntiVir heruntergeladen. Dieses hat jedoch bei der Untersuchung keinerlei auffällige Objekte gefunden. Allerdings spielt mein Rechner seitdem ich Sophos durch AntiVir ausgetauscht habe, verrückt. Es stürzen häufig Programme ab, z.B. CorelDraw oder auch Word, wenn ich nur einen Text eingebe und sonst nichts Besonderes mache. Einemal ist auch der Rechner komplett eingefroren und es half nur der Reset-Knopf. War wohl keine gute Idee, Sophos durch AntiVir auszutauschen. Mein Computer ist jetzt allerding vom Internet getrennt, sodass es wohl nicht schlimmer werden wird. Daher wende ich mich jetzt an euch und hoffe, dass ihr mir helfen könnt. Anbei findet ihr die Logdateien von OTL und GMER. Da ich Sophos bereits deinstalliert habe und dabei anscheinend die Logs und Quarantäne-Objekte gelöscht wurden, kann ich leider das Sophos-Log nicht posten. AntiVir hat wie gesagt nichts gefunden. OTL.txt Code:
ATTFilter OTL logfile created on: 3/4/2013 8:04:23 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.70% Memory free 5.09 Gb Paging File | 4.38 Gb Available in Paging File | 86.10% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97.65 Gb Total Space | 68.98 Gb Free Space | 70.64% Space Free | Partition Type: NTFS Drive E: | 295.94 Gb Total Space | 248.58 Gb Free Space | 83.99% Space Free | Partition Type: FAT32 Drive F: | 50.00 Gb Total Space | 16.95 Gb Free Space | 33.91% Space Free | Partition Type: EXT3 Drive G: | 983.22 Mb Total Space | 322.52 Mb Free Space | 32.80% Space Free | Partition Type: FAT Computer Name: FB08-PC-THEO3 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/04 20:01:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2013/03/04 15:18:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013/03/04 15:18:09 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013/03/04 15:18:09 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013/03/04 15:18:08 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011/02/05 09:12:42 | 001,211,536 | ---- | M] (Ext2Fsd Group (www.ext2fsd.com)) -- C:\Programme\Ext2Fsd\Ext2Mgr.exe PRC - [2010/06/17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2009/11/20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\essvr.exe PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/07 19:16:50 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe PRC - [2007/09/07 19:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe ========== Modules (No Company Name) ========== MOD - [2013/03/04 15:18:17 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/06/15 09:56:06 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012/06/15 07:56:18 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012/06/15 07:56:12 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012/06/15 07:54:53 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012/05/15 10:48:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012/05/15 10:48:23 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll MOD - [2012/05/14 16:36:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012/05/14 16:35:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012/05/14 16:35:07 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2010/12/13 17:48:40 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3561.39056__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3561.39154__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3561.39032__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3561.39058__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3561.39129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3561.39101__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3561.39051__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3561.39088__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3561.39043__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3561.39171__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3561.39171__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2010/12/13 17:48:40 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3561.39177__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3561.39171__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3561.39091__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3561.39169__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3561.39122__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/12/13 17:48:39 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3561.39109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3561.39058__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3561.39110__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/12/13 17:48:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3561.39090__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3561.39098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3561.39168__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3561.39042__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3561.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3561.39057__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3561.39156__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3561.39097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3561.39056__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3561.39060__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3561.39045__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3561.39090__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3561.39084__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3561.39079__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll MOD - [2010/12/13 17:48:38 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3561.39089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3561.39064__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3561.39090__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3552.26984__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/12/13 17:48:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3561.39099__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3552.26991__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/12/13 17:48:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3552.27105__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/12/13 17:48:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3552.27103__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3552.27197__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3552.27220__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3552.27317__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3552.27306__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3552.27206__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3552.27300__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/12/13 17:48:38 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/12/13 17:48:37 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3561.39190__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/12/13 17:48:37 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3552.27161__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3552.27021__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/12/13 17:48:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3552.27258__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3552.27311__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3552.27249__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3552.27257__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3552.27248__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3552.27248__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/12/13 17:48:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3561.39162__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/12/13 17:48:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3552.27288__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3552.27255__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3552.27219__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3552.27381__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3552.27244__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3552.27239__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3552.27198__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3552.27119__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3552.27251__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3552.27139__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3552.27059__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3552.27243__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3552.27208__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3552.27204__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3552.27237__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3552.27169__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3552.27242__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3552.27179__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3552.27107__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/12/13 17:48:37 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2010/12/13 17:48:37 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3561.39028__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010/12/13 17:48:36 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3561.39038__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/12/13 17:48:36 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3561.39141__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/12/13 17:48:36 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3561.39050__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/12/13 17:48:36 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3561.39147__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/12/13 17:48:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3561.39145__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/12/13 17:48:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3561.39029__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/12/13 17:48:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3561.39027__90ba9c70f846762e\APM.Server.dll MOD - [2010/12/13 17:48:36 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3561.39031__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/12/13 17:48:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3552.27176__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3561.39028__90ba9c70f846762e\AEM.Server.dll MOD - [2010/12/13 17:48:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3552.27044__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/12/13 17:48:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3552.27135__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3552.27085__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/12/13 17:48:36 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/12/13 17:48:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3552.27184__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3552.27098__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3552.27177__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3552.27195__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3552.27265__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3552.27287__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3561.39147__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/12/13 17:48:36 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010/12/13 17:32:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/12/13 17:32:47 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/06/17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2009/10/01 16:45:50 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\essvr.exe MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\ycc.dll MOD - [2005/11/14 14:43:58 | 000,029,152 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\FSPPMFP.DLL ========== Services (SafeList) ========== SRV - [2013/03/04 15:18:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/03/04 15:18:09 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013/03/04 15:18:09 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\Gigabyte\EasySaver\essvr.exe -- (ES lite Service) SRV - [2007/09/07 19:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/03/04 15:34:39 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2013/03/04 15:18:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013/03/04 15:18:20 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013/03/04 15:18:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013/03/04 15:18:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011/07/09 01:32:52 | 000,686,360 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ext2fsd.sys -- (Ext2Fsd) DRV - [2011/01/19 12:55:37 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2010/12/15 09:54:11 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv) DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010/04/06 11:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010/03/22 09:30:22 | 000,222,672 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010/01/27 09:58:32 | 000,098,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2010/01/27 04:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2009/11/20 12:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009/11/20 12:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/11/18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009/10/02 05:09:20 | 004,486,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009/08/19 13:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008/09/25 17:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs) DRV - [2008/08/28 22:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount) DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/02/16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007/02/16 19:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2007/02/16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=drive&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{80A15D79-8D1E-4bff-8422-F2400AD927CC}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\..\SearchScopes\{836349EA-E90F-4c0c-A739-6BFF46F49E8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\..\SearchScopes\{E82C261E-58CE-48e4-B2EB-9A696456CD4D}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011/06/14 11:42:59 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchdrive.xml O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com) O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Ext2 Volume Manager] C:\Programme\Ext2Fsd\Ext2Mgr.exe (Ext2Fsd Group (www.ext2fsd.com)) O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Create Synchronicity - Scheduler] C:\Programme\Create Software\Create Synchronicity\Create Synchronicity.exe (Create Software) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292259211609 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phys.chemie.uni-giessen.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33206E3-1971-433C-8C47-E6F4083C25A4}: NameServer = 134.176.2.5,134.176.2.7 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: E:\Daten\Europa_neu.png O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/12/13 16:30:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/03/04 20:02:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013/03/04 15:49:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2013/03/04 15:49:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2013/03/04 15:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2013/03/04 15:32:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2013/03/04 15:29:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2013/03/04 15:20:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013/03/04 15:20:23 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013/03/04 15:20:23 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013/03/04 15:20:23 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013/03/04 15:20:22 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2013/03/04 15:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2013/03/04 11:17:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sophos [2013/02/28 15:07:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cygwin [2013/02/28 14:30:12 | 000,000,000 | ---D | C] -- C:\temp [2013/02/28 14:29:54 | 000,000,000 | ---D | C] -- C:\Programme\cygwin [2013/02/28 14:21:14 | 000,686,360 | ---- | C] (www.ext2fsd.com) -- C:\WINDOWS\System32\drivers\ext2fsd.sys [2013/02/28 14:21:14 | 000,000,000 | ---D | C] -- C:\Programme\Ext2Fsd [2013/02/28 14:21:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ext2Fsd [2013/02/28 14:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nyolr [2013/02/28 14:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azbya [2013/02/28 14:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aqde [2013/02/06 10:55:21 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/04 20:02:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2013/03/04 20:01:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013/03/04 18:14:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\cedt.INI [2013/03/04 18:09:59 | 000,000,770 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2013/03/04 15:35:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/03/04 15:34:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/03/04 15:18:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013/03/04 15:18:20 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013/03/04 15:18:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013/03/04 15:18:20 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013/03/04 13:46:21 | 012,473,544 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\StructurePlot.rar [2013/03/01 13:38:03 | 010,641,272 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_raster.pdf [2013/02/28 17:23:52 | 019,116,030 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_v0.8_vorab_AttilA.pdf [2013/02/28 16:10:36 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2013/02/28 16:02:07 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini [2013/02/28 15:37:53 | 004,605,029 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Grafik2.png [2013/02/28 15:31:00 | 000,142,887 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Vache_encre.jpg [2013/02/07 12:04:03 | 005,391,904 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\AM Diss.pdf [2013/02/06 13:13:08 | 000,086,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Board_x16.png [2013/02/06 10:55:57 | 000,001,065 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/04 20:02:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2013/03/04 13:46:19 | 012,473,544 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\StructurePlot.rar [2013/03/01 13:37:42 | 010,641,272 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_raster.pdf [2013/02/28 17:23:42 | 019,116,030 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_v0.8_vorab_AttilA.pdf [2013/02/28 16:10:36 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2013/02/28 15:37:50 | 004,605,029 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Grafik2.png [2013/02/28 15:31:00 | 000,142,887 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Vache_encre.jpg [2013/02/07 12:03:45 | 005,391,904 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\AM Diss.pdf [2013/02/06 13:13:05 | 000,086,096 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Board_x16.png [2013/02/06 10:55:57 | 000,001,065 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk [2012/06/11 17:02:09 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/16 09:21:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/10/13 09:52:48 | 000,000,770 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2011/06/14 11:45:24 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011/05/26 16:41:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\DOSINST.INI [2011/04/28 11:08:39 | 000,193,190 | ---- | C] () -- C:\WINDOWS\hphins34.dat [2011/04/28 11:08:39 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hphmdl34.dat [2011/04/27 13:00:58 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2011/03/23 09:42:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011/03/23 09:42:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011/03/08 11:29:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat ========== ZeroAccess Check ========== [2010/12/13 17:31:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 15:17:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/07/10 10:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development [2011/03/23 09:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2013/03/04 15:28:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2011/11/18 12:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft [2012/07/10 10:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Advanced Chemistry Development [2013/03/04 11:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aqde [2013/02/28 14:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azbya [2012/02/07 12:37:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Crayon Physics Deluxe [2013/03/04 17:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox [2011/06/14 11:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com [2010/12/15 09:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\fltk.org [2012/07/13 09:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2012/09/12 15:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inkscape [2010/12/15 09:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IrfanView [2012/03/08 13:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Jasc [2013/03/01 09:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nyolr [2010/12/15 09:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2010/12/13 17:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2012/06/11 11:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Trillian ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 3/4/2013 8:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.70% Memory free
5.09 Gb Paging File | 4.38 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97.65 Gb Total Space | 68.98 Gb Free Space | 70.64% Space Free | Partition Type: NTFS
Drive E: | 295.94 Gb Total Space | 248.58 Gb Free Space | 83.99% Space Free | Partition Type: FAT32
Drive F: | 50.00 Gb Total Space | 16.95 Gb Free Space | 33.91% Space Free | Partition Type: EXT3
Drive G: | 983.22 Mb Total Space | 322.52 Mb Free Space | 32.80% Space Free | Partition Type: FAT
Computer Name: FB08-PC-THEO3 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Settlers Freaks\Return To The Roots\S2\s25client.exe" = C:\Programme\Settlers Freaks\Return To The Roots\S2\s25client.exe:*:Enabled:s25client
"C:\Programme\Wolfram Research\Mathematica\8.0\Mathematica.exe" = C:\Programme\Wolfram Research\Mathematica\8.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 8 for Students -- (Wolfram Research, Inc.)
"C:\Programme\Wolfram Research\Mathematica\8.0\MathKernel.exe" = C:\Programme\Wolfram Research\Mathematica\8.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 for Students Kernel -- (Wolfram Research, Inc.)
"C:\Programme\Wolfram Research\Mathematica\8.0\math.exe" = C:\Programme\Wolfram Research\Mathematica\8.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{106EEA42-249B-97B6-827E-D79C677A7284}" = CCC Help Spanish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1AB2519C-B340-4B0C-9F81-BCF32A842EBF}_is1" = Crayon Physics Deluxe Demo version 55_demo
"{1AEC8B94-C25D-E93E-C60C-ED2736782633}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2090AAD2-D129-375A-8152-93AE4EBDEF11}" = ccc-core-static
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{267117C0-779A-4BD2-1D33-AD569C43D93B}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37DC95F1-D521-23A7-313C-D6789F3EAE24}" = CCC Help Finnish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B1BD294-2747-6271-6F47-82A640A3A9E9}" = Catalyst Control Center Localization All
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3E9CDBD5-DBF7-0D39-4A3B-0535B0A7FBA7}" = CCC Help Danish
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{4552B6C7-2175-15BA-AE39-7B4FB594AE4D}" = CCC Help French
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4685E2C0-838E-2D49-E561-5870D57C2112}" = CCC Help English
"{4D842445-947A-975F-02B9-E87A0956DA14}" = CCC Help German
"{4E61CAD2-655B-5884-DE11-4C27FA952D1E}" = CCC Help Chinese Standard
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56E4D082-46F8-99B4-4E43-C6B79677968F}" = Catalyst Control Center Graphics Previews Common
"{57396CE7-B938-D86E-B3C2-450FA8212BA6}" = CCC Help Swedish
"{575471C8-A90D-9AEB-DD5F-D68D0536482A}" = ccc-utility
"{57C4B076-86E5-43B0-8541-EAE047B1F745}" = NEO wissenschaftlich v1.03
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{62540657-7F15-A129-AD00-345CA1685095}" = CCC Help Japanese
"{64FAC270-6C96-2579-0398-E92A29F31796}" = CCC Help Russian
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6F3ECAC9-BB76-C8A8-8DFD-754633F965D1}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{7BFAE5A7-5EDC-D120-7FA4-96168AB8575D}" = CCC Help Turkish
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7FF910CA-67F5-E39B-2F6A-8E8A7C17FFB3}" = CCC Help Dutch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905D6E0C-B378-8CF8-0681-31F38D78E204}" = ccc-core-preinstall
"{922D09F2-5A96-2ECB-BB71-493F23AD052B}" = Catalyst Control Center Graphics Light
"{97882553-D37E-F980-1ED0-0748A550D912}" = Catalyst Control Center Graphics Full Existing
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF16488F-1EAB-5AF1-54D4-59BBAEFA4F48}" = Catalyst Control Center Graphics Full New
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEECCA33-C880-4648-A043-18614EE1249E}" = ATI AVIVO Codecs
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D31726-3698-7CA1-EA46-BEE1B1E2ECA2}" = CCC Help Hungarian
"{C5E2A972-51E3-6B56-6B01-F7D21256F864}" = CCC Help Greek
"{C63DCEC6-814B-48DA-82F5-85BE5582CAAD}" = VMD 1.8.7
"{C73FBCE6-B6BF-FDFE-AF76-566A49937FE2}" = CCC Help Portuguese
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{C95193C0-29BC-F95E-1D1A-F5346BA45091}" = CCC Help Polish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBCA600F-6B90-416D-9D19-477758C40946}" = DJ_SF_06_D5500_SW_Min
"{CD468D28-B317-7038-E384-34E347CD5CAA}" = CCC Help Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D96F5244-BBFF-04F9-4E20-78CFE08AD01A}" = CCC Help Thai
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E85A7628-5420-A5E2-3E6E-8A314C6930F3}" = CCC Help Italian
"{EDFB291E-CFF7-9A67-3948-4DC57D9DB3A6}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA930901-0E74-F94E-B36B-057B55194E00}" = Skins
"{FE2243EE-7C32-C90A-DDF8-75067F45A68D}" = Catalyst Control Center HydraVision Full
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE45D881-F9B6-40C0-A833-8CAF92094AB3}" = HP Deskjet D5500 Printer Driver 14.0 Rel. 6
"{FE970D71-EE17-4399-AD9A-97BE995FF5C1}" = Return To The Roots
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"77700cfgRS232" = 77700cfgRS232
"7-Zip" = 7-Zip 9.20
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)
"Crimson Editor SVN286" = Crimson Editor SVN286
"Enable S3 for USB Device" = Enable S3 for USB Device
"Ext2Fsd_is1" = Ext2Fsd 0.51
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"facemoods" = Facemoods Toolbar
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.3 Q16_is1" = ImageMagick 6.6.3-2 Q16 (2010-07-30)
"Inkscape" = Inkscape 0.48.2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.9" = MiKTeX 2.9
"MonosUtility" = MonosUtility
"M-WIN-G 8.0.1 2063988_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988)
"NI LabVIEW Run-Time Engine 5.1" = NI LabVIEW Run-Time Engine 5.1
"Opera 12.14.1738" = Opera 12.14
"Pen Tablet Driver" = Stifttablett
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trillian" = Trillian
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/16/2012 12:47:47 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung opera.exe, Version 12.2.1578.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12/4/2012 7:47:22 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/6/2013 5:51:12 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/28/2013 7:01:25 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 3/1/2013 8:27:00 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 8:54:43 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung trillian.exe, Version 5.1.0.20, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 10:39:10 AM | Computer Name = FB08-PC-THEO3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mathkernel.exe, Version 8.0.31.32127, fehlgeschlagenes
Modul mathdll.dll, Version 8.0.31.32127, Fehleradresse 0x003354ca.
Error - 3/4/2013 12:21:23 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:33:12 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:52:20 PM | Computer Name = FB08-PC-THEO3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8345.0, stamp 4f3c32b8,
faulting module winword.exe, version 11.0.8345.0, stamp 4f3c32b8, debug? 0, fault
address 0x00075a75.
[ Application Events ]
Error - 10/16/2012 12:47:47 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung opera.exe, Version 12.2.1578.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12/4/2012 7:47:22 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/6/2013 5:51:12 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/28/2013 7:01:25 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 3/1/2013 8:27:00 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 8:54:43 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung trillian.exe, Version 5.1.0.20, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 10:39:10 AM | Computer Name = FB08-PC-THEO3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mathkernel.exe, Version 8.0.31.32127, fehlgeschlagenes
Modul mathdll.dll, Version 8.0.31.32127, Fehleradresse 0x003354ca.
Error - 3/4/2013 12:21:23 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:33:12 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:52:20 PM | Computer Name = FB08-PC-THEO3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8345.0, stamp 4f3c32b8,
faulting module winword.exe, version 11.0.8345.0, stamp 4f3c32b8, debug? 0, fault
address 0x00075a75.
[ System Events ]
Error - 9/12/2012 9:50:24 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
Installer.
Error - 9/12/2012 9:50:24 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 9/19/2012 8:00:24 AM | Computer Name = FB08-PC-THEO3 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FB08-LEED1",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{ED892D39-DAD8-409-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 12/7/2012 4:40:44 AM | Computer Name = FB08-PC-THEO3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "MSIServer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {000C101C-0000-0000-C000-000000000046}
Error - 12/7/2012 4:40:45 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
Installer.
Error - 12/7/2012 4:40:45 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 3/4/2013 10:25:44 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira Planer" wurde nicht ordnungsgemäß gestartet.
Error - 3/4/2013 10:26:04 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 3/4/2013 3:01:46 PM | Computer Name = FB08-PC-THEO3 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Kingston DataTraveler II+ USB Device nicht laden.
Error - 3/4/2013 3:01:47 PM | Computer Name = FB08-PC-THEO3 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Kingston DataTraveler II+ USB Device nicht laden.
< End of report >
Log von gmer: Code:
ATTFilter GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-04 21:44:02
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HDS721050CLA362 rev.JP2OA3EA 465.76GB
Running: gmer_2.1.19115.exe; Driver: C:\DOKUME~1\FRANZI~1\LOKALE~1\Temp\kxtdrkog.sys
---- System - GMER 2.1 ----
SSDT F7B1B874 ZwClose
SSDT F7B1B82E ZwCreateKey
SSDT F7B1B87E ZwCreateSection
SSDT F7B1B824 ZwCreateThread
SSDT F7B1B833 ZwDeleteKey
SSDT F7B1B83D ZwDeleteValueKey
SSDT F7B1B86F ZwDuplicateObject
SSDT F7B1B842 ZwLoadKey
SSDT F7B1B810 ZwOpenProcess
SSDT F7B1B815 ZwOpenThread
SSDT F7B1B897 ZwQueryValueKey
SSDT F7B1B84C ZwReplaceKey
SSDT F7B1B888 ZwRequestWaitReplyPort
SSDT F7B1B847 ZwRestoreKey
SSDT F7B1B883 ZwSetContextThread
SSDT F7B1B88D ZwSetSecurityObject
SSDT F7B1B838 ZwSetValueKey
SSDT F7B1B892 ZwSystemDebugControl
SSDT F7B1B81F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF24A8000, 0x220617, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
 |
|
04.03.2013, 22:02
| #2 |
| /// Malware-holic   | Trojaner AAJX (?) hi
__________________öffne mal sophos, da sollte die Meldung mit Pfadangabe zu finden sein
__________________ |
|
04.03.2013, 22:16
| #3 |
| | Trojaner AAJX (?) Wie gesagt, ich habe Sophos bereits deinstalliert. Ich kann es jetzt auch nicht neuinstallieren, da es in unserer Universität nur per Netzwerkressource verfügbar ist und ich keine große Lust habe, meinen Computer wieder mit dem Netzwerk zu verbinden :/
__________________Aber ich werde mal die Festplatte danach durchsuchen. edit: Es war nun doch ohne große Schmerzen auffindbar. Ich habe die Stelle rot markiert. Code:
ATTFilter 20130304 101707 Scan 'Scan my computer' started.
20130304 103048 File "C:\System Volume Information\_restore{76818B70-6110-4AD0-A1ED-5E1FC1DDA7FE}\RP175\A0144953.exe" belongs to virus/spyware 'Troj/Agent-AAJX'.
20130304 103853 Scanning "F:\franziska\Dokumente\Literatur\Ru(0001)\Real-time STM observations of atomic equilibrium fluctuations in an adsorbate system" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 103909 Scanning "F:\franziska\bin\XCrySDen\otherLICENSES\Togl" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 103909 Scanning "F:\franziska\bin\XCrySDen\otherLICENSES\TclTk" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 103909 Scanning "F:\franziska\bin\XCrySDen\otherLICENSES\BWidget" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 103909 Scanning "F:\franziska\bin\XCrySDen\otherLICENSES\LGPL" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 103909 Scanning "F:\franziska\bin\XCrySDen\otherLICENSES\GL2PS" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 103909 Scanning "F:\franziska\bin\XCrySDen\otherLICENSES\Mesa" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\Dokumente\Literatur\RuO2(110)\HCl oxidation\In situ studies of the oxidation of HCl over RuO2 model catalysts" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\otherLICENSES\Togl" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\otherLICENSES\TclTk" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\otherLICENSES\BWidget" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\otherLICENSES\LGPL" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\otherLICENSES\GL2PS" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104201 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\otherLICENSES\Mesa" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104315 Scanning "F:\franziska\bin\XCrySDen\examples\Xcrysden_Structure_Files\c2h4" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104315 Scanning "F:\franziska\bin\XCrySDen\examples\XSF_Files\c2h4" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104319 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\exp-bbv\exp-bbv-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104319 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\memcheck\memcheck-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104319 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\cachegrind\cachegrind-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\helgrind\helgrind-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\exp-dhat-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\memcheck-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\helgrind-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\cachegrind-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\lackey-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104320 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\none-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\callgrind-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\exp-sgcheck-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\exp-bbv-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\drd-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\.in_place\massif-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\massif\massif-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104321 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\exp-sgcheck\exp-sgcheck-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104323 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\none\none-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104323 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\callgrind\callgrind-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104323 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\exp-dhat\exp-dhat-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104323 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\drd\drd-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104323 Scanning "F:\franziska\bin\valgrind\valgrind-3.8.1\lackey\lackey-amd64-linux" returned SAV Interface error 0xa0040202: Scan failed.
20130304 104808 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\examples\Xcrysden_Structure_Files\c2h4" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104808 Scanning "F:\franziska\sichern\Packages\XCrySDen-1.5.21-bin-semishared\examples\XSF_Files\c2h4" returned SAV Interface error 0xa0040210: The file could not be accessed.
20130304 104904 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001156757902_***_0.55E+01_0.16E+0\".
20130304 104904 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001252069656_***_0.55E+01_0.70E+0\".
20130304 104905 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001647534488_***_0.55E+01_0.13E+0\".
20130304 104906 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001980812536_***_0.55E+01_0.14E+0\".
20130304 104910 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001136443077_***_0.55E+01_0.89E+0\".
20130304 104917 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000523909725_***_0.55E+01_0.30E+0\".
20130304 104939 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000002118362690_***_0.55E+01_0.14E+0\".
20130304 104950 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001376232503_***_0.55E+01_0.10E+0\".
20130304 105001 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000933786061_***_0.55E+01_0.14E+0\".
20130304 105002 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000392996951_***_0.55E+01_0.10E+0\".
20130304 105003 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001316819389_***_0.55E+01_0.14E+0\".
20130304 105011 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000385693252_***_0.55E+01_0.14E+0\".
20130304 105013 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001461643770_***_0.55E+01_0.78E+0\".
20130304 105031 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000664705639_***_0.55E+01_0.14E+0\".
20130304 105033 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001676853883_***_0.55E+01_0.23E+0\".
20130304 105034 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000002109558507_***_0.55E+01_0.26E+0\".
20130304 105039 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000613633721_***_0.55E+01_0.11E+0\".
20130304 105102 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000603984527_***_0.55E+01_0.38E+0\".
20130304 105117 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000704834501_***_0.55E+01_0.48E+0\".
20130304 105121 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001156980990_***_0.55E+01_0.62E+0\".
20130304 105123 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001303312950_***_0.55E+01_0.21E+0\".
20130304 105128 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001582157108_***_0.55E+01_0.14E+0\".
20130304 105130 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001263171056_***_0.55E+01_0.34E+0\".
20130304 105133 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001293210144_***_0.55E+01_0.55E+0\".
20130304 105135 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000974708048_***_0.55E+01_0.43E+0\".
20130304 105135 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000225668041_***_0.55E+01_0.14E+0\".
20130304 105159 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001494215742_***_0.55E+01_0.14E+0\".
20130304 105213 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000000043764120_***_0.55E+01_0.18E+0\".
20130304 105220 Unknown error 0x8007010b decomposing "F:\franziska\.local\share\Trash\files\000001150342322_***_0.55E+01_0.14E+0\".
20130304 105402 Unknown error 0x8007010b decomposing "F:\franziska\.kde4\share\apps\kopete\urls\Kopete::Protocol\".
20130304 123744 Virus/spyware 'Troj/Agent-AAJX' has been detected.
20130304 123744 Scan 'Scan my computer' completed.
20130304 123744 Summary of results for scan 'Scan my computer':
Items scanned: 1915723
Errors: 70
Items quarantined: 1
Items dealt with: 0
|
|
04.03.2013, 22:17
| #4 |
| /// Malware-holic | Trojaner AAJX (?) hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:28
| #5 |
| | Trojaner AAJX (?) Hier ist das Logfile. Es wurde keine Bedrohung gemeldet. Danke schonmal für die schnelle Hilfe. Code:
ATTFilter 22:26:15.0718 3436 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:26:15.0734 3436 ============================================================
22:26:15.0734 3436 Current date / time: 2013/03/04 22:26:15.0734
22:26:15.0734 3436 SystemInfo:
22:26:15.0734 3436
22:26:15.0734 3436 OS Version: 5.1.2600 ServicePack: 3.0
22:26:15.0734 3436 Product type: Workstation
22:26:15.0734 3436 ComputerName: FB08-PC-THEO3
22:26:15.0734 3436 UserName: ***
22:26:15.0734 3436 Windows directory: C:\WINDOWS
22:26:15.0734 3436 System windows directory: C:\WINDOWS
22:26:15.0734 3436 Processor architecture: Intel x86
22:26:15.0734 3436 Number of processors: 6
22:26:15.0734 3436 Page size: 0x1000
22:26:15.0734 3436 Boot type: Normal boot
22:26:15.0734 3436 ============================================================
22:26:16.0718 3436 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:26:16.0718 3436 Drive \Device\Harddisk1\DR6 - Size: 0x3D780000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:16.0718 3436 ============================================================
22:26:16.0718 3436 \Device\Harddisk0\DR0:
22:26:16.0718 3436 MBR partitions:
22:26:16.0718 3436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
22:26:16.0781 3436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x15353800, BlocksNum 0x2502D800
22:26:16.0781 3436 \Device\Harddisk1\DR6:
22:26:16.0781 3436 MBR partitions:
22:26:16.0781 3436 \Device\Harddisk1\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1EBBE0
22:26:16.0781 3436 ============================================================
22:26:16.0812 3436 C: <-> \Device\Harddisk0\DR0\Partition1
22:26:16.0828 3436 E: <-> \Device\Harddisk0\DR0\Partition2
22:26:16.0828 3436 ============================================================
22:26:16.0828 3436 Initialize success
22:26:16.0828 3436 ============================================================
22:26:18.0906 2848 ============================================================
22:26:18.0906 2848 Scan started
22:26:18.0906 2848 Mode: Manual;
22:26:18.0906 2848 ============================================================
22:26:19.0781 2848 ================ Scan system memory ========================
22:26:19.0781 2848 System memory - ok
22:26:19.0781 2848 ================ Scan services =============================
22:26:19.0843 2848 Abiosdsk - ok
22:26:19.0843 2848 abp480n5 - ok
22:26:19.0859 2848 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:26:19.0859 2848 ACPI - ok
22:26:19.0890 2848 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:26:19.0890 2848 ACPIEC - ok
22:26:19.0890 2848 adpu160m - ok
22:26:19.0921 2848 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:26:19.0921 2848 aec - ok
22:26:19.0953 2848 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:26:19.0953 2848 AFD - ok
22:26:19.0953 2848 Aha154x - ok
22:26:19.0968 2848 aic78u2 - ok
22:26:19.0968 2848 aic78xx - ok
22:26:20.0000 2848 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:26:20.0000 2848 Alerter - ok
22:26:20.0015 2848 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
22:26:20.0015 2848 ALG - ok
22:26:20.0015 2848 AliIde - ok
22:26:20.0062 2848 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
22:26:20.0093 2848 Ambfilt - ok
22:26:20.0109 2848 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
22:26:20.0125 2848 AmdPPM - ok
22:26:20.0125 2848 amsint - ok
22:26:20.0281 2848 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
22:26:20.0296 2848 AntiVirSchedulerService - ok
22:26:20.0312 2848 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
22:26:20.0312 2848 AntiVirService - ok
22:26:20.0328 2848 [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:26:20.0343 2848 AntiVirWebService - ok
22:26:20.0359 2848 [ 75A8B998EB259DD512F01EA25BEC7F3B ] AppleCharger C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
22:26:20.0359 2848 AppleCharger - ok
22:26:20.0390 2848 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\WINDOWS\system32\AppleChargerSrv.exe
22:26:20.0390 2848 AppleChargerSrv - ok
22:26:20.0406 2848 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:26:20.0421 2848 AppMgmt - ok
22:26:20.0421 2848 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:26:20.0437 2848 Arp1394 - ok
22:26:20.0437 2848 asc - ok
22:26:20.0437 2848 asc3350p - ok
22:26:20.0437 2848 asc3550 - ok
22:26:20.0515 2848 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:26:20.0515 2848 aspnet_state - ok
22:26:20.0531 2848 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:26:20.0531 2848 AsyncMac - ok
22:26:20.0562 2848 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:26:20.0562 2848 atapi - ok
22:26:20.0562 2848 Atdisk - ok
22:26:20.0609 2848 [ AF61E4353C2257B32BAA22D97B822C04 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:26:20.0609 2848 Ati HotKey Poller - ok
22:26:20.0625 2848 [ 106C8D405A14387A7B21ED3A73A9511A ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
22:26:20.0640 2848 ATI Smart - ok
22:26:20.0703 2848 [ 9CD9658B9575A07AAD676639FE3B51D6 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:26:20.0718 2848 ati2mtag - ok
22:26:20.0750 2848 [ FAC04A8E09C8D70594382656D99772A3 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
22:26:20.0750 2848 AtiHdmiService - ok
22:26:20.0765 2848 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:26:20.0765 2848 Atmarpc - ok
22:26:20.0796 2848 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:26:20.0796 2848 AudioSrv - ok
22:26:20.0828 2848 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:26:20.0828 2848 audstub - ok
22:26:20.0843 2848 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:26:20.0859 2848 avgntflt - ok
22:26:20.0890 2848 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:26:20.0890 2848 avipbb - ok
22:26:20.0906 2848 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:26:20.0906 2848 avkmgr - ok
22:26:20.0921 2848 BCUService - ok
22:26:20.0937 2848 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:26:20.0953 2848 Beep - ok
22:26:20.0984 2848 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
22:26:20.0984 2848 BITS - ok
22:26:21.0000 2848 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
22:26:21.0000 2848 Browser - ok
22:26:21.0015 2848 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:26:21.0015 2848 cbidf2k - ok
22:26:21.0015 2848 cd20xrnt - ok
22:26:21.0046 2848 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:26:21.0046 2848 Cdaudio - ok
22:26:21.0062 2848 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:26:21.0062 2848 Cdfs - ok
22:26:21.0062 2848 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:26:21.0062 2848 Cdrom - ok
22:26:21.0078 2848 Changer - ok
22:26:21.0093 2848 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:26:21.0093 2848 CiSvc - ok
22:26:21.0109 2848 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:26:21.0109 2848 ClipSrv - ok
22:26:21.0125 2848 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:26:21.0140 2848 clr_optimization_v2.0.50727_32 - ok
22:26:21.0140 2848 CmdIde - ok
22:26:21.0140 2848 COMSysApp - ok
22:26:21.0156 2848 Cpqarray - ok
22:26:21.0171 2848 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:26:21.0187 2848 CryptSvc - ok
22:26:21.0187 2848 dac2w2k - ok
22:26:21.0187 2848 dac960nt - ok
22:26:21.0218 2848 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:26:21.0218 2848 DcomLaunch - ok
22:26:21.0250 2848 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:26:21.0250 2848 Dhcp - ok
22:26:21.0265 2848 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:26:21.0265 2848 Disk - ok
22:26:21.0265 2848 dmadmin - ok
22:26:21.0281 2848 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:26:21.0296 2848 dmboot - ok
22:26:21.0296 2848 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:26:21.0312 2848 dmio - ok
22:26:21.0328 2848 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:26:21.0328 2848 dmload - ok
22:26:21.0343 2848 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:26:21.0343 2848 dmserver - ok
22:26:21.0375 2848 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:26:21.0375 2848 DMusic - ok
22:26:21.0406 2848 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:26:21.0406 2848 Dnscache - ok
22:26:21.0437 2848 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:26:21.0437 2848 Dot3svc - ok
22:26:21.0453 2848 dpti2o - ok
22:26:21.0453 2848 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:26:21.0453 2848 drmkaud - ok
22:26:21.0468 2848 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:26:21.0468 2848 EapHost - ok
22:26:21.0500 2848 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:26:21.0500 2848 ERSvc - ok
22:26:21.0531 2848 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Programme\Gigabyte\EasySaver\ESSVR.EXE
22:26:21.0531 2848 ES lite Service - ok
22:26:21.0562 2848 [ 3AF0AE042AFE486B22644CD3FBEBF2E2 ] etdrv C:\WINDOWS\etdrv.sys
22:26:21.0562 2848 etdrv - ok
22:26:21.0593 2848 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
22:26:21.0593 2848 Eventlog - ok
22:26:21.0625 2848 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
22:26:21.0625 2848 EventSystem - ok
22:26:21.0656 2848 [ FBC0E085A5BECBA5DD3C401EEB6E45BB ] Ext2fs C:\WINDOWS\system32\DRIVERS\ext2fs.sys
22:26:21.0656 2848 Ext2fs - ok
22:26:21.0703 2848 [ 81A65244D3FFBEDA568576BB72B510F2 ] Ext2Fsd C:\WINDOWS\system32\drivers\Ext2Fsd.sys
22:26:21.0703 2848 Ext2Fsd - ok
22:26:21.0734 2848 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:26:21.0734 2848 Fastfat - ok
22:26:21.0765 2848 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:26:21.0765 2848 FastUserSwitchingCompatibility - ok
22:26:21.0781 2848 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
22:26:21.0781 2848 Fdc - ok
22:26:21.0781 2848 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:26:21.0796 2848 Fips - ok
22:26:21.0796 2848 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:26:21.0796 2848 Flpydisk - ok
22:26:21.0812 2848 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:26:21.0812 2848 FltMgr - ok
22:26:21.0843 2848 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:26:21.0843 2848 FontCache3.0.0.0 - ok
22:26:21.0875 2848 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:26:21.0875 2848 Fs_Rec - ok
22:26:21.0875 2848 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:26:21.0875 2848 Ftdisk - ok
22:26:21.0906 2848 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
22:26:21.0906 2848 gdrv - ok
22:26:21.0937 2848 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:26:21.0937 2848 Gpc - ok
22:26:21.0953 2848 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\WINDOWS\system32\Drivers\GVTDrv.sys
22:26:21.0953 2848 GVTDrv - ok
22:26:21.0984 2848 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:26:21.0984 2848 HDAudBus - ok
22:26:22.0046 2848 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:26:22.0046 2848 helpsvc - ok
22:26:22.0062 2848 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
22:26:22.0078 2848 HidServ - ok
22:26:22.0093 2848 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:26:22.0093 2848 hidusb - ok
22:26:22.0125 2848 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:26:22.0125 2848 hkmsvc - ok
22:26:22.0125 2848 hpn - ok
22:26:22.0171 2848 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:26:22.0171 2848 HPSLPSVC - ok
22:26:22.0187 2848 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:26:22.0187 2848 HPZid412 - ok
22:26:22.0187 2848 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:26:22.0203 2848 HPZipr12 - ok
22:26:22.0203 2848 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:26:22.0218 2848 HPZius12 - ok
22:26:22.0234 2848 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:26:22.0234 2848 HTTP - ok
22:26:22.0265 2848 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:26:22.0265 2848 HTTPFilter - ok
22:26:22.0265 2848 i2omgmt - ok
22:26:22.0265 2848 i2omp - ok
22:26:22.0359 2848 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:26:22.0375 2848 IDriverT - ok
22:26:22.0406 2848 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:26:22.0437 2848 idsvc - ok
22:26:22.0468 2848 [ F3F825FCC70471FD967126E1871B2CDC ] IfsMount C:\WINDOWS\system32\DRIVERS\ifsmount.sys
22:26:22.0468 2848 IfsMount - ok
22:26:22.0484 2848 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:26:22.0484 2848 Imapi - ok
22:26:22.0515 2848 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
22:26:22.0515 2848 ImapiService - ok
22:26:22.0515 2848 ini910u - ok
22:26:22.0625 2848 [ 718F495096DF8D94FB66C9C962646372 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:26:22.0656 2848 IntcAzAudAddService - ok
22:26:22.0656 2848 IntelIde - ok
22:26:22.0671 2848 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:26:22.0687 2848 Ip6Fw - ok
22:26:22.0703 2848 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:26:22.0703 2848 IpFilterDriver - ok
22:26:22.0718 2848 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:26:22.0718 2848 IpInIp - ok
22:26:22.0718 2848 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:26:22.0718 2848 IpNat - ok
22:26:22.0734 2848 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:26:22.0734 2848 IPSec - ok
22:26:22.0734 2848 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:26:22.0734 2848 IRENUM - ok
22:26:22.0750 2848 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:26:22.0765 2848 isapnp - ok
22:26:22.0812 2848 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
22:26:22.0812 2848 JavaQuickStarterService - ok
22:26:22.0828 2848 [ 6242E8DD2E43E8A0DDA517D62C9680E6 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
22:26:22.0828 2848 JRAID - ok
22:26:22.0843 2848 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:26:22.0843 2848 Kbdclass - ok
22:26:22.0843 2848 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:26:22.0843 2848 kbdhid - ok
22:26:22.0859 2848 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:26:22.0875 2848 kmixer - ok
22:26:22.0906 2848 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:26:22.0906 2848 KSecDD - ok
22:26:22.0937 2848 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:26:22.0937 2848 lanmanserver - ok
22:26:22.0968 2848 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:26:22.0968 2848 lanmanworkstation - ok
22:26:22.0968 2848 lbrtfdc - ok
22:26:23.0000 2848 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:26:23.0000 2848 LmHosts - ok
22:26:23.0015 2848 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:26:23.0015 2848 Messenger - ok
22:26:23.0046 2848 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:26:23.0046 2848 mnmdd - ok
22:26:23.0078 2848 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:26:23.0078 2848 mnmsrvc - ok
22:26:23.0093 2848 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:26:23.0093 2848 Modem - ok
22:26:23.0125 2848 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:26:23.0156 2848 Monfilt - ok
22:26:23.0171 2848 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:26:23.0171 2848 Mouclass - ok
22:26:23.0187 2848 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:26:23.0187 2848 mouhid - ok
22:26:23.0218 2848 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:26:23.0218 2848 MountMgr - ok
22:26:23.0218 2848 mraid35x - ok
22:26:23.0234 2848 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:26:23.0234 2848 MRxDAV - ok
22:26:23.0250 2848 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:26:23.0250 2848 MRxSmb - ok
22:26:23.0281 2848 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:26:23.0281 2848 MSDTC - ok
22:26:23.0281 2848 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:26:23.0281 2848 Msfs - ok
22:26:23.0296 2848 MSIServer - ok
22:26:23.0312 2848 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:26:23.0312 2848 MSKSSRV - ok
22:26:23.0312 2848 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:26:23.0312 2848 MSPCLOCK - ok
22:26:23.0328 2848 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:26:23.0343 2848 MSPQM - ok
22:26:23.0343 2848 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:26:23.0343 2848 mssmbios - ok
22:26:23.0390 2848 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:26:23.0390 2848 Mup - ok
22:26:23.0421 2848 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
22:26:23.0421 2848 napagent - ok
22:26:23.0437 2848 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:26:23.0453 2848 NDIS - ok
22:26:23.0484 2848 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:26:23.0484 2848 NdisTapi - ok
22:26:23.0515 2848 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:26:23.0515 2848 Ndisuio - ok
22:26:23.0531 2848 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:26:23.0531 2848 NdisWan - ok
22:26:23.0546 2848 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:26:23.0546 2848 NDProxy - ok
22:26:23.0578 2848 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
22:26:23.0578 2848 Net Driver HPZ12 - ok
22:26:23.0609 2848 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:26:23.0609 2848 NetBIOS - ok
22:26:23.0640 2848 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:26:23.0656 2848 NetBT - ok
22:26:23.0671 2848 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
22:26:23.0687 2848 NetDDE - ok
22:26:23.0687 2848 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:26:23.0687 2848 NetDDEdsdm - ok
22:26:23.0703 2848 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:26:23.0703 2848 Netlogon - ok
22:26:23.0718 2848 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
22:26:23.0718 2848 Netman - ok
22:26:23.0750 2848 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:23.0750 2848 NetTcpPortSharing - ok
22:26:23.0765 2848 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:26:23.0781 2848 NIC1394 - ok
22:26:23.0781 2848 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
22:26:23.0781 2848 Nla - ok
22:26:23.0796 2848 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:26:23.0796 2848 Npfs - ok
22:26:23.0828 2848 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:26:23.0828 2848 Ntfs - ok
22:26:23.0843 2848 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:26:23.0843 2848 NtLmSsp - ok
22:26:23.0859 2848 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:26:23.0859 2848 NtmsSvc - ok
22:26:23.0875 2848 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:26:23.0875 2848 Null - ok
22:26:23.0906 2848 [ 68C890DDB21028CB1EA5551B47B29E1B ] nusb3hub C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
22:26:23.0906 2848 nusb3hub - ok
22:26:23.0937 2848 [ 2CF970C1A9E05D3B91039C2DD4471C0E ] nusb3xhc C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
22:26:23.0953 2848 nusb3xhc - ok
22:26:23.0968 2848 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:26:23.0984 2848 NwlnkFlt - ok
22:26:23.0984 2848 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:26:23.0984 2848 NwlnkFwd - ok
22:26:24.0000 2848 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:26:24.0000 2848 ohci1394 - ok
22:26:24.0046 2848 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:26:24.0046 2848 ose - ok
22:26:24.0046 2848 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:26:24.0062 2848 Parport - ok
22:26:24.0062 2848 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:26:24.0062 2848 PartMgr - ok
22:26:24.0078 2848 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:26:24.0078 2848 ParVdm - ok
22:26:24.0093 2848 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:26:24.0093 2848 PCI - ok
22:26:24.0093 2848 PCIDump - ok
22:26:24.0093 2848 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:26:24.0093 2848 PCIIde - ok
22:26:24.0109 2848 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:26:24.0109 2848 Pcmcia - ok
22:26:24.0125 2848 PDCOMP - ok
22:26:24.0125 2848 PDFRAME - ok
22:26:24.0125 2848 PDRELI - ok
22:26:24.0140 2848 PDRFRAME - ok
22:26:24.0140 2848 perc2 - ok
22:26:24.0140 2848 perc2hib - ok
22:26:24.0156 2848 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
22:26:24.0156 2848 PlugPlay - ok
22:26:24.0187 2848 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
22:26:24.0187 2848 Pml Driver HPZ12 - ok
22:26:24.0203 2848 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:26:24.0203 2848 PolicyAgent - ok
22:26:24.0234 2848 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:26:24.0234 2848 PptpMiniport - ok
22:26:24.0250 2848 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
22:26:24.0250 2848 Processor - ok
22:26:24.0250 2848 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:26:24.0250 2848 ProtectedStorage - ok
22:26:24.0250 2848 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:26:24.0265 2848 PSched - ok
22:26:24.0296 2848 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:26:24.0296 2848 Ptilink - ok
22:26:24.0296 2848 ql1080 - ok
22:26:24.0296 2848 Ql10wnt - ok
22:26:24.0312 2848 ql12160 - ok
22:26:24.0312 2848 ql1240 - ok
22:26:24.0312 2848 ql1280 - ok
22:26:24.0328 2848 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:26:24.0328 2848 RasAcd - ok
22:26:24.0343 2848 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:26:24.0343 2848 RasAuto - ok
22:26:24.0359 2848 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:26:24.0359 2848 Rasl2tp - ok
22:26:24.0390 2848 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:26:24.0390 2848 RasMan - ok
22:26:24.0406 2848 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:26:24.0406 2848 RasPppoe - ok
22:26:24.0406 2848 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:26:24.0406 2848 Raspti - ok
22:26:24.0421 2848 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:26:24.0437 2848 Rdbss - ok
22:26:24.0437 2848 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:26:24.0437 2848 RDPCDD - ok
22:26:24.0453 2848 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:26:24.0453 2848 rdpdr - ok
22:26:24.0484 2848 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:26:24.0484 2848 RDPWD - ok
22:26:24.0500 2848 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:26:24.0500 2848 RDSessMgr - ok
22:26:24.0531 2848 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:26:24.0531 2848 redbook - ok
22:26:24.0546 2848 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:26:24.0546 2848 RemoteAccess - ok
22:26:24.0578 2848 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:26:24.0578 2848 RemoteRegistry - ok
22:26:24.0593 2848 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:26:24.0609 2848 RpcLocator - ok
22:26:24.0625 2848 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:26:24.0625 2848 RpcSs - ok
22:26:24.0656 2848 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:26:24.0656 2848 RSVP - ok
22:26:24.0734 2848 [ 3A5D16604E1744964E08432354C489A3 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
22:26:24.0781 2848 RTHDMIAzAudService - ok
22:26:24.0796 2848 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:26:24.0796 2848 rtl8139 - ok
22:26:24.0828 2848 [ C48E7BBC6A17A0676079E11A13E82549 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:26:24.0828 2848 RTLE8023xp - ok
22:26:24.0843 2848 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
22:26:24.0843 2848 SamSs - ok
22:26:24.0875 2848 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:26:24.0890 2848 SCardSvr - ok
22:26:24.0890 2848 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:26:24.0890 2848 Schedule - ok
22:26:24.0937 2848 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:26:24.0937 2848 Secdrv - ok
22:26:24.0953 2848 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
22:26:24.0953 2848 seclogon - ok
22:26:24.0953 2848 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
22:26:24.0953 2848 SENS - ok
22:26:24.0953 2848 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:26:24.0968 2848 serenum - ok
22:26:24.0968 2848 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:26:24.0968 2848 Serial - ok
22:26:24.0984 2848 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:26:24.0984 2848 Sfloppy - ok
22:26:25.0015 2848 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:26:25.0015 2848 SharedAccess - ok
22:26:25.0031 2848 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:26:25.0031 2848 ShellHWDetection - ok
22:26:25.0031 2848 Simbad - ok
22:26:25.0125 2848 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:26:25.0140 2848 Skype C2C Service - ok
22:26:25.0187 2848 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
22:26:25.0187 2848 SkypeUpdate - ok
22:26:25.0187 2848 Sparrow - ok
22:26:25.0203 2848 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:26:25.0203 2848 splitter - ok
22:26:25.0234 2848 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:26:25.0234 2848 Spooler - ok
22:26:25.0250 2848 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:26:25.0250 2848 sr - ok
22:26:25.0281 2848 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
22:26:25.0281 2848 srservice - ok
22:26:25.0296 2848 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:26:25.0296 2848 Srv - ok
22:26:25.0312 2848 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:26:25.0328 2848 SSDPSRV - ok
22:26:25.0343 2848 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:26:25.0359 2848 ssmdrv - ok
22:26:25.0375 2848 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:26:25.0390 2848 stisvc - ok
22:26:25.0421 2848 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:26:25.0421 2848 swenum - ok
22:26:25.0421 2848 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:26:25.0437 2848 swmidi - ok
22:26:25.0437 2848 SwPrv - ok
22:26:25.0437 2848 symc810 - ok
22:26:25.0437 2848 symc8xx - ok
22:26:25.0453 2848 sym_hi - ok
22:26:25.0453 2848 sym_u3 - ok
22:26:25.0453 2848 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:26:25.0453 2848 sysaudio - ok
22:26:25.0484 2848 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:26:25.0500 2848 SysmonLog - ok
22:26:25.0531 2848 [ DAD1A4D96291139C0F834B138320E475 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
22:26:25.0546 2848 TabletServicePen - ok
22:26:25.0578 2848 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:26:25.0578 2848 TapiSrv - ok
22:26:25.0625 2848 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:26:25.0625 2848 Tcpip - ok
22:26:25.0656 2848 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:26:25.0656 2848 TDPIPE - ok
22:26:25.0656 2848 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:26:25.0656 2848 TDTCP - ok
22:26:25.0687 2848 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:26:25.0687 2848 TermDD - ok
22:26:25.0718 2848 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
22:26:25.0718 2848 TermService - ok
22:26:25.0750 2848 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:26:25.0750 2848 Themes - ok
22:26:25.0781 2848 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:26:25.0796 2848 TlntSvr - ok
22:26:25.0796 2848 TosIde - ok
22:26:25.0828 2848 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:26:25.0828 2848 TrkWks - ok
22:26:25.0843 2848 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:26:25.0843 2848 Udfs - ok
22:26:25.0843 2848 ultra - ok
22:26:25.0875 2848 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:26:25.0875 2848 Update - ok
22:26:25.0890 2848 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:26:25.0906 2848 upnphost - ok
22:26:25.0906 2848 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
22:26:25.0937 2848 UPS - ok
22:26:25.0953 2848 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:26:25.0953 2848 usbccgp - ok
22:26:25.0968 2848 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:26:25.0968 2848 usbehci - ok
22:26:26.0000 2848 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:26:26.0000 2848 usbhub - ok
22:26:26.0015 2848 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:26:26.0015 2848 usbohci - ok
22:26:26.0046 2848 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:26:26.0046 2848 usbprint - ok
22:26:26.0046 2848 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:26:26.0046 2848 USBSTOR - ok
22:26:26.0062 2848 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:26:26.0062 2848 VgaSave - ok
22:26:26.0062 2848 ViaIde - ok
22:26:26.0078 2848 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:26:26.0093 2848 VolSnap - ok
22:26:26.0125 2848 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
22:26:26.0125 2848 VSS - ok
22:26:26.0140 2848 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
22:26:26.0140 2848 W32Time - ok
22:26:26.0171 2848 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
22:26:26.0171 2848 wacommousefilter - ok
22:26:26.0187 2848 [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
22:26:26.0187 2848 wacomvhid - ok
22:26:26.0203 2848 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
22:26:26.0203 2848 WacomVKHid - ok
22:26:26.0218 2848 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:26:26.0218 2848 Wanarp - ok
22:26:26.0218 2848 WDICA - ok
22:26:26.0234 2848 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:26:26.0234 2848 wdmaud - ok
22:26:26.0250 2848 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:26:26.0250 2848 WebClient - ok
22:26:26.0296 2848 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:26:26.0296 2848 winmgmt - ok
22:26:26.0312 2848 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:26:26.0328 2848 WmdmPmSN - ok
22:26:26.0343 2848 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:26:26.0343 2848 Wmi - ok
22:26:26.0359 2848 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:26:26.0359 2848 WmiAcpi - ok
22:26:26.0375 2848 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:26:26.0375 2848 WmiApSrv - ok
22:26:26.0406 2848 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:26:26.0406 2848 wscsvc - ok
22:26:26.0406 2848 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:26:26.0421 2848 wuauserv - ok
22:26:26.0453 2848 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:26:26.0453 2848 WZCSVC - ok
22:26:26.0468 2848 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:26:26.0468 2848 xmlprov - ok
22:26:26.0484 2848 ================ Scan global ===============================
22:26:26.0500 2848 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
22:26:26.0531 2848 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:26:26.0546 2848 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:26:26.0546 2848 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
22:26:26.0546 2848 [Global] - ok
22:26:26.0546 2848 ================ Scan MBR ==================================
22:26:26.0562 2848 [ AD9B705AB096A51023121C8E7DB9D21B ] \Device\Harddisk0\DR0
22:26:26.0671 2848 \Device\Harddisk0\DR0 - ok
22:26:26.0671 2848 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR6
22:26:28.0500 2848 \Device\Harddisk1\DR6 - ok
22:26:28.0500 2848 ================ Scan VBR ==================================
22:26:28.0531 2848 [ 59C4A5AD665F21126522ED0F5B9EC94D ] \Device\Harddisk0\DR0\Partition1
22:26:28.0531 2848 \Device\Harddisk0\DR0\Partition1 - ok
22:26:28.0562 2848 [ 75E76FFF3B3462CD1FB89AA399B2ABDF ] \Device\Harddisk0\DR0\Partition2
22:26:28.0562 2848 \Device\Harddisk0\DR0\Partition2 - ok
22:26:28.0562 2848 [ BEF48FB7411D8A1412ABC2036CC5ABD8 ] \Device\Harddisk1\DR6\Partition1
22:26:28.0562 2848 \Device\Harddisk1\DR6\Partition1 - ok
22:26:28.0562 2848 ============================================================
22:26:28.0562 2848 Scan finished
22:26:28.0562 2848 ============================================================
22:26:28.0562 3452 Detected object count: 0
22:26:28.0562 3452 Actual detected object count: 0
22:26:52.0515 3432 Deinitialize success
|
|
05.03.2013, 19:49
| #6 |
| /// Malware-holic | Trojaner AAJX (?) anleitung noch mal lesen, tdss killer richtig konfigurieren, neues log posten
__________________ --> Trojaner AAJX (?) |
|
05.03.2013, 20:08
| #7 |
| | Trojaner AAJX (?)Code:
ATTFilter 20:05:09.0078 7976 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:05:09.0171 7976 ============================================================
20:05:09.0171 7976 Current date / time: 2013/03/05 20:05:09.0171
20:05:09.0171 7976 SystemInfo:
20:05:09.0171 7976
20:05:09.0171 7976 OS Version: 5.1.2600 ServicePack: 3.0
20:05:09.0171 7976 Product type: Workstation
20:05:09.0171 7976 ComputerName: FB08-PC-THEO3
20:05:09.0171 7976 UserName: ***
20:05:09.0171 7976 Windows directory: C:\WINDOWS
20:05:09.0171 7976 System windows directory: C:\WINDOWS
20:05:09.0171 7976 Processor architecture: Intel x86
20:05:09.0171 7976 Number of processors: 6
20:05:09.0171 7976 Page size: 0x1000
20:05:09.0171 7976 Boot type: Normal boot
20:05:09.0171 7976 ============================================================
20:05:14.0890 7976 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:05:14.0890 7976 ============================================================
20:05:14.0890 7976 \Device\Harddisk0\DR0:
20:05:14.0906 7976 MBR partitions:
20:05:14.0906 7976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
20:05:14.0968 7976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x15353800, BlocksNum 0x2502D800
20:05:14.0968 7976 ============================================================
20:05:15.0000 7976 C: <-> \Device\Harddisk0\DR0\Partition1
20:05:15.0015 7976 E: <-> \Device\Harddisk0\DR0\Partition2
20:05:15.0015 7976 ============================================================
20:05:15.0015 7976 Initialize success
20:05:15.0015 7976 ============================================================
20:06:14.0500 8000 ============================================================
20:06:14.0500 8000 Scan started
20:06:14.0500 8000 Mode: Manual; SigCheck; TDLFS;
20:06:14.0500 8000 ============================================================
20:06:16.0218 8000 ================ Scan system memory ========================
20:06:16.0234 8000 System memory - ok
20:06:16.0234 8000 ================ Scan services =============================
20:06:16.0312 8000 Abiosdsk - ok
20:06:16.0312 8000 abp480n5 - ok
20:06:16.0328 8000 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:06:16.0687 8000 ACPI - ok
20:06:16.0718 8000 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:06:16.0796 8000 ACPIEC - ok
20:06:16.0796 8000 adpu160m - ok
20:06:16.0812 8000 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:06:16.0875 8000 aec - ok
20:06:16.0906 8000 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:06:16.0937 8000 AFD - ok
20:06:16.0937 8000 Aha154x - ok
20:06:16.0937 8000 aic78u2 - ok
20:06:16.0953 8000 aic78xx - ok
20:06:16.0968 8000 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:06:17.0046 8000 Alerter - ok
20:06:17.0062 8000 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
20:06:17.0140 8000 ALG - ok
20:06:17.0140 8000 AliIde - ok
20:06:17.0187 8000 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
20:06:17.0281 8000 Ambfilt - ok
20:06:17.0312 8000 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
20:06:17.0359 8000 AmdPPM - ok
20:06:17.0359 8000 amsint - ok
20:06:17.0390 8000 [ 75A8B998EB259DD512F01EA25BEC7F3B ] AppleCharger C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
20:06:17.0406 8000 AppleCharger - ok
20:06:17.0421 8000 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\WINDOWS\system32\AppleChargerSrv.exe
20:06:17.0421 8000 AppleChargerSrv - ok
20:06:17.0453 8000 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:06:17.0531 8000 AppMgmt - ok
20:06:17.0546 8000 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:06:17.0625 8000 Arp1394 - ok
20:06:17.0625 8000 asc - ok
20:06:17.0625 8000 asc3350p - ok
20:06:17.0625 8000 asc3550 - ok
20:06:17.0703 8000 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:06:17.0703 8000 aspnet_state - ok
20:06:17.0718 8000 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:06:17.0796 8000 AsyncMac - ok
20:06:17.0828 8000 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:06:17.0890 8000 atapi - ok
20:06:17.0890 8000 Atdisk - ok
20:06:17.0921 8000 [ AF61E4353C2257B32BAA22D97B822C04 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:06:17.0984 8000 Ati HotKey Poller - ok
20:06:18.0000 8000 [ 106C8D405A14387A7B21ED3A73A9511A ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
20:06:18.0015 8000 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
20:06:18.0015 8000 ATI Smart - detected UnsignedFile.Multi.Generic (1)
20:06:18.0078 8000 [ 9CD9658B9575A07AAD676639FE3B51D6 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:06:18.0171 8000 ati2mtag - ok
20:06:18.0203 8000 [ FAC04A8E09C8D70594382656D99772A3 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
20:06:18.0218 8000 AtiHdmiService - ok
20:06:18.0234 8000 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:06:18.0296 8000 Atmarpc - ok
20:06:18.0328 8000 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:06:18.0406 8000 AudioSrv - ok
20:06:18.0453 8000 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:06:18.0500 8000 audstub - ok
20:06:18.0828 8000 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
20:06:18.0843 8000 AVP - ok
20:06:18.0859 8000 BCUService - ok
20:06:18.0890 8000 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:06:18.0968 8000 Beep - ok
20:06:19.0000 8000 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
20:06:19.0062 8000 BITS - ok
20:06:19.0093 8000 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
20:06:19.0171 8000 Browser - ok
20:06:19.0187 8000 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:06:19.0265 8000 cbidf2k - ok
20:06:19.0265 8000 cd20xrnt - ok
20:06:19.0281 8000 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:06:19.0359 8000 Cdaudio - ok
20:06:19.0390 8000 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:06:19.0437 8000 Cdfs - ok
20:06:19.0453 8000 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:06:19.0515 8000 Cdrom - ok
20:06:19.0515 8000 Changer - ok
20:06:19.0531 8000 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:06:19.0609 8000 CiSvc - ok
20:06:19.0625 8000 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:06:19.0671 8000 ClipSrv - ok
20:06:19.0703 8000 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:06:19.0703 8000 clr_optimization_v2.0.50727_32 - ok
20:06:19.0718 8000 CmdIde - ok
20:06:19.0718 8000 COMSysApp - ok
20:06:19.0718 8000 Cpqarray - ok
20:06:19.0734 8000 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:06:19.0796 8000 CryptSvc - ok
20:06:19.0796 8000 dac2w2k - ok
20:06:19.0796 8000 dac960nt - ok
20:06:19.0828 8000 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:06:19.0890 8000 DcomLaunch - ok
20:06:19.0906 8000 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:06:19.0984 8000 Dhcp - ok
20:06:20.0000 8000 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:06:20.0078 8000 Disk - ok
20:06:20.0078 8000 dmadmin - ok
20:06:20.0109 8000 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:06:20.0187 8000 dmboot - ok
20:06:20.0203 8000 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:06:20.0250 8000 dmio - ok
20:06:20.0281 8000 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:06:20.0359 8000 dmload - ok
20:06:20.0406 8000 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:06:20.0484 8000 dmserver - ok
20:06:20.0515 8000 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:06:20.0562 8000 DMusic - ok
20:06:20.0609 8000 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:06:20.0687 8000 Dnscache - ok
20:06:20.0718 8000 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:06:20.0781 8000 Dot3svc - ok
20:06:20.0796 8000 dpti2o - ok
20:06:20.0812 8000 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:06:20.0875 8000 drmkaud - ok
20:06:20.0890 8000 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:06:20.0953 8000 EapHost - ok
20:06:20.0968 8000 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:06:21.0031 8000 ERSvc - ok
20:06:21.0062 8000 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Programme\Gigabyte\EasySaver\ESSVR.EXE
20:06:21.0078 8000 ES lite Service - ok
20:06:21.0109 8000 [ 3AF0AE042AFE486B22644CD3FBEBF2E2 ] etdrv C:\WINDOWS\etdrv.sys
20:06:21.0109 8000 etdrv - ok
20:06:21.0156 8000 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
20:06:21.0171 8000 Eventlog - ok
20:06:21.0218 8000 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
20:06:21.0234 8000 EventSystem - ok
20:06:21.0265 8000 [ FBC0E085A5BECBA5DD3C401EEB6E45BB ] Ext2fs C:\WINDOWS\system32\DRIVERS\ext2fs.sys
20:06:21.0281 8000 Ext2fs ( UnsignedFile.Multi.Generic ) - warning
20:06:21.0281 8000 Ext2fs - detected UnsignedFile.Multi.Generic (1)
20:06:21.0328 8000 [ 81A65244D3FFBEDA568576BB72B510F2 ] Ext2Fsd C:\WINDOWS\system32\drivers\Ext2Fsd.sys
20:06:21.0359 8000 Ext2Fsd - ok
20:06:21.0390 8000 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:06:21.0453 8000 Fastfat - ok
20:06:21.0484 8000 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:06:21.0515 8000 FastUserSwitchingCompatibility - ok
20:06:21.0531 8000 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:06:21.0578 8000 Fdc - ok
20:06:21.0593 8000 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:06:21.0656 8000 Fips - ok
20:06:21.0656 8000 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:06:21.0718 8000 Flpydisk - ok
20:06:21.0750 8000 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:06:21.0812 8000 FltMgr - ok
20:06:21.0843 8000 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:06:21.0843 8000 FontCache3.0.0.0 - ok
20:06:21.0859 8000 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:06:21.0937 8000 Fs_Rec - ok
20:06:21.0937 8000 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:06:22.0000 8000 Ftdisk - ok
20:06:22.0031 8000 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
20:06:22.0046 8000 gdrv - ok
20:06:22.0062 8000 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:06:22.0140 8000 Gpc - ok
20:06:22.0140 8000 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\WINDOWS\system32\Drivers\GVTDrv.sys
20:06:22.0156 8000 GVTDrv - ok
20:06:22.0187 8000 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:06:22.0265 8000 HDAudBus - ok
20:06:22.0328 8000 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:06:22.0390 8000 helpsvc - ok
20:06:22.0406 8000 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
20:06:22.0484 8000 HidServ - ok
20:06:22.0500 8000 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:06:22.0562 8000 hidusb - ok
20:06:22.0609 8000 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:06:22.0656 8000 hkmsvc - ok
20:06:22.0656 8000 hpn - ok
20:06:22.0703 8000 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
20:06:22.0828 8000 HPSLPSVC - ok
20:06:22.0859 8000 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:06:22.0953 8000 HPZid412 - ok
20:06:22.0953 8000 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:06:22.0984 8000 HPZipr12 - ok
20:06:23.0015 8000 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:06:23.0031 8000 HPZius12 - ok
20:06:23.0062 8000 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:06:23.0093 8000 HTTP - ok
20:06:23.0125 8000 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:06:23.0187 8000 HTTPFilter - ok
20:06:23.0187 8000 i2omgmt - ok
20:06:23.0187 8000 i2omp - ok
20:06:23.0296 8000 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:06:23.0328 8000 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:06:23.0328 8000 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:06:23.0375 8000 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:06:23.0406 8000 idsvc - ok
20:06:23.0437 8000 [ F3F825FCC70471FD967126E1871B2CDC ] IfsMount C:\WINDOWS\system32\DRIVERS\ifsmount.sys
20:06:23.0453 8000 IfsMount ( UnsignedFile.Multi.Generic ) - warning
20:06:23.0453 8000 IfsMount - detected UnsignedFile.Multi.Generic (1)
20:06:23.0484 8000 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:06:23.0562 8000 Imapi - ok
20:06:23.0578 8000 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
20:06:23.0656 8000 ImapiService - ok
20:06:23.0656 8000 ini910u - ok
20:06:23.0750 8000 [ 718F495096DF8D94FB66C9C962646372 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:06:23.0890 8000 IntcAzAudAddService - ok
20:06:23.0890 8000 IntelIde - ok
20:06:23.0906 8000 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:06:23.0984 8000 Ip6Fw - ok
20:06:24.0015 8000 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:06:24.0093 8000 IpFilterDriver - ok
20:06:24.0125 8000 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:06:24.0171 8000 IpInIp - ok
20:06:24.0187 8000 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:06:24.0250 8000 IpNat - ok
20:06:24.0265 8000 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:06:24.0343 8000 IPSec - ok
20:06:24.0359 8000 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:06:24.0437 8000 IRENUM - ok
20:06:24.0484 8000 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:06:24.0531 8000 isapnp - ok
20:06:24.0609 8000 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
20:06:24.0609 8000 JavaQuickStarterService - ok
20:06:24.0625 8000 [ 6242E8DD2E43E8A0DDA517D62C9680E6 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
20:06:24.0640 8000 JRAID - ok
20:06:24.0656 8000 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:06:24.0718 8000 Kbdclass - ok
20:06:24.0718 8000 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:06:24.0781 8000 kbdhid - ok
20:06:24.0812 8000 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys
20:06:24.0828 8000 kl1 - ok
20:06:24.0859 8000 [ 3D23639C3FDBC082AF7016A5C8829329 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
20:06:24.0875 8000 KLIF - ok
20:06:24.0890 8000 [ 05E5504E5E06F75F18BBEA7291601FE2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
20:06:24.0906 8000 klim5 - ok
20:06:24.0921 8000 [ 7BE035A9C20F357DC765D6C7FDCDC964 ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
20:06:24.0921 8000 klkbdflt - ok
20:06:24.0937 8000 [ A8234A8F67B0565F74753FE88A7BF03D ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
20:06:24.0953 8000 klmouflt - ok
20:06:24.0968 8000 [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys
20:06:24.0968 8000 kltdi - ok
20:06:24.0984 8000 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:06:25.0062 8000 kmixer - ok
20:06:25.0078 8000 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
20:06:25.0078 8000 kneps - ok
20:06:25.0109 8000 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:06:25.0156 8000 KSecDD - ok
20:06:25.0187 8000 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:06:25.0203 8000 lanmanserver - ok
20:06:25.0234 8000 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:06:25.0265 8000 lanmanworkstation - ok
20:06:25.0281 8000 lbrtfdc - ok
20:06:25.0312 8000 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:06:25.0375 8000 LmHosts - ok
20:06:25.0406 8000 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:06:25.0406 8000 MBAMProtector - ok
20:06:25.0453 8000 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:06:25.0468 8000 MBAMScheduler - ok
20:06:25.0484 8000 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
20:06:25.0515 8000 MBAMService - ok
20:06:25.0531 8000 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:06:25.0609 8000 Messenger - ok
20:06:25.0640 8000 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:06:25.0703 8000 mnmdd - ok
20:06:25.0718 8000 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:06:25.0796 8000 mnmsrvc - ok
20:06:25.0828 8000 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:06:25.0890 8000 Modem - ok
20:06:25.0921 8000 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
20:06:25.0968 8000 Monfilt - ok
20:06:25.0984 8000 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:06:26.0046 8000 Mouclass - ok
20:06:26.0062 8000 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:06:26.0140 8000 mouhid - ok
20:06:26.0171 8000 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:06:26.0218 8000 MountMgr - ok
20:06:26.0218 8000 mraid35x - ok
20:06:26.0234 8000 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:06:26.0281 8000 MRxDAV - ok
20:06:26.0312 8000 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:06:26.0375 8000 MRxSmb - ok
20:06:26.0406 8000 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:06:26.0484 8000 MSDTC - ok
20:06:26.0500 8000 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:06:26.0562 8000 Msfs - ok
20:06:26.0562 8000 MSIServer - ok
20:06:26.0578 8000 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:06:26.0640 8000 MSKSSRV - ok
20:06:26.0656 8000 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:06:26.0703 8000 MSPCLOCK - ok
20:06:26.0718 8000 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:06:26.0781 8000 MSPQM - ok
20:06:26.0796 8000 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:06:26.0859 8000 mssmbios - ok
20:06:26.0890 8000 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:06:26.0921 8000 Mup - ok
20:06:26.0968 8000 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
20:06:27.0031 8000 napagent - ok
20:06:27.0046 8000 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:06:27.0109 8000 NDIS - ok
20:06:27.0125 8000 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:06:27.0156 8000 NdisTapi - ok
20:06:27.0187 8000 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:06:27.0265 8000 Ndisuio - ok
20:06:27.0281 8000 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:06:27.0343 8000 NdisWan - ok
20:06:27.0375 8000 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:06:27.0406 8000 NDProxy - ok
20:06:27.0421 8000 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:06:27.0453 8000 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:06:27.0453 8000 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:06:27.0484 8000 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:06:27.0546 8000 NetBIOS - ok
20:06:27.0578 8000 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:06:27.0640 8000 NetBT - ok
20:06:27.0671 8000 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
20:06:27.0750 8000 NetDDE - ok
20:06:27.0750 8000 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:06:27.0812 8000 NetDDEdsdm - ok
20:06:27.0828 8000 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:06:27.0875 8000 Netlogon - ok
20:06:27.0890 8000 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
20:06:27.0953 8000 Netman - ok
20:06:27.0984 8000 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:06:28.0015 8000 NetTcpPortSharing - ok
20:06:28.0031 8000 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:06:28.0078 8000 NIC1394 - ok
20:06:28.0093 8000 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
20:06:28.0109 8000 Nla - ok
20:06:28.0125 8000 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:06:28.0187 8000 Npfs - ok
20:06:28.0203 8000 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:06:28.0281 8000 Ntfs - ok
20:06:28.0312 8000 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:06:28.0359 8000 NtLmSsp - ok
20:06:28.0390 8000 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:06:28.0453 8000 NtmsSvc - ok
20:06:28.0468 8000 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:06:28.0531 8000 Null - ok
20:06:28.0546 8000 [ 68C890DDB21028CB1EA5551B47B29E1B ] nusb3hub C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
20:06:28.0562 8000 nusb3hub - ok
20:06:28.0593 8000 [ 2CF970C1A9E05D3B91039C2DD4471C0E ] nusb3xhc C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
20:06:28.0625 8000 nusb3xhc - ok
20:06:28.0656 8000 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:06:28.0734 8000 NwlnkFlt - ok
20:06:28.0750 8000 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:06:28.0812 8000 NwlnkFwd - ok
20:06:28.0828 8000 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:06:28.0906 8000 ohci1394 - ok
20:06:28.0937 8000 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:06:28.0953 8000 ose - ok
20:06:28.0968 8000 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:06:29.0031 8000 Parport - ok
20:06:29.0046 8000 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:06:29.0125 8000 PartMgr - ok
20:06:29.0140 8000 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:06:29.0203 8000 ParVdm - ok
20:06:29.0218 8000 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:06:29.0281 8000 PCI - ok
20:06:29.0281 8000 PCIDump - ok
20:06:29.0281 8000 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:06:29.0359 8000 PCIIde - ok
20:06:29.0375 8000 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:06:29.0437 8000 Pcmcia - ok
20:06:29.0437 8000 PDCOMP - ok
20:06:29.0437 8000 PDFRAME - ok
20:06:29.0437 8000 PDRELI - ok
20:06:29.0453 8000 PDRFRAME - ok
20:06:29.0453 8000 perc2 - ok
20:06:29.0453 8000 perc2hib - ok
20:06:29.0468 8000 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
20:06:29.0484 8000 PlugPlay - ok
20:06:29.0515 8000 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:06:29.0531 8000 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:06:29.0531 8000 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:06:29.0531 8000 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:06:29.0593 8000 PolicyAgent - ok
20:06:29.0609 8000 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:06:29.0671 8000 PptpMiniport - ok
20:06:29.0671 8000 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:06:29.0750 8000 Processor - ok
20:06:29.0750 8000 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:06:29.0796 8000 ProtectedStorage - ok
20:06:29.0796 8000 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:06:29.0859 8000 PSched - ok
20:06:29.0890 8000 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:06:29.0953 8000 Ptilink - ok
20:06:29.0953 8000 ql1080 - ok
20:06:29.0968 8000 Ql10wnt - ok
20:06:29.0968 8000 ql12160 - ok
20:06:29.0968 8000 ql1240 - ok
20:06:29.0984 8000 ql1280 - ok
20:06:29.0984 8000 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:06:30.0046 8000 RasAcd - ok
20:06:30.0078 8000 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:06:30.0156 8000 RasAuto - ok
20:06:30.0156 8000 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:06:30.0218 8000 Rasl2tp - ok
20:06:30.0250 8000 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:06:30.0312 8000 RasMan - ok
20:06:30.0312 8000 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:06:30.0375 8000 RasPppoe - ok
20:06:30.0375 8000 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:06:30.0453 8000 Raspti - ok
20:06:30.0468 8000 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:06:30.0531 8000 Rdbss - ok
20:06:30.0531 8000 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:06:30.0609 8000 RDPCDD - ok
20:06:30.0625 8000 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:06:30.0703 8000 rdpdr - ok
20:06:30.0718 8000 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:06:30.0765 8000 RDPWD - ok
20:06:30.0796 8000 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:06:30.0843 8000 RDSessMgr - ok
20:06:30.0875 8000 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:06:30.0937 8000 redbook - ok
20:06:30.0968 8000 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:06:31.0015 8000 RemoteAccess - ok
20:06:31.0031 8000 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:06:31.0093 8000 RemoteRegistry - ok
20:06:31.0109 8000 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:06:31.0187 8000 RpcLocator - ok
20:06:31.0203 8000 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:06:31.0218 8000 RpcSs - ok
20:06:31.0234 8000 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:06:31.0296 8000 RSVP - ok
20:06:31.0375 8000 [ 3A5D16604E1744964E08432354C489A3 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
20:06:31.0531 8000 RTHDMIAzAudService - ok
20:06:31.0562 8000 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:06:31.0640 8000 rtl8139 - ok
20:06:31.0656 8000 [ C48E7BBC6A17A0676079E11A13E82549 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:06:31.0671 8000 RTLE8023xp - ok
20:06:31.0687 8000 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
20:06:31.0734 8000 SamSs - ok
20:06:31.0765 8000 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:06:31.0843 8000 SCardSvr - ok
20:06:31.0859 8000 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:06:31.0906 8000 Schedule - ok
20:06:31.0937 8000 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:06:32.0000 8000 Secdrv - ok
20:06:32.0015 8000 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
20:06:32.0093 8000 seclogon - ok
20:06:32.0093 8000 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
20:06:32.0156 8000 SENS - ok
20:06:32.0171 8000 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:06:32.0218 8000 serenum - ok
20:06:32.0234 8000 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:06:32.0312 8000 Serial - ok
20:06:32.0328 8000 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:06:32.0375 8000 Sfloppy - ok
20:06:32.0421 8000 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:06:32.0468 8000 SharedAccess - ok
20:06:32.0500 8000 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:06:32.0500 8000 ShellHWDetection - ok
20:06:32.0515 8000 Simbad - ok
20:06:32.0609 8000 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:06:32.0687 8000 Skype C2C Service - ok
20:06:32.0734 8000 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
20:06:32.0734 8000 SkypeUpdate - ok
20:06:32.0765 8000 Sparrow - ok
20:06:32.0765 8000 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:06:32.0828 8000 splitter - ok
20:06:32.0859 8000 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:06:32.0906 8000 Spooler - ok
20:06:32.0906 8000 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:06:32.0968 8000 sr - ok
20:06:32.0984 8000 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
20:06:33.0062 8000 srservice - ok
20:06:33.0078 8000 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:06:33.0125 8000 Srv - ok
20:06:33.0156 8000 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:06:33.0218 8000 SSDPSRV - ok
20:06:33.0218 8000 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:06:33.0312 8000 stisvc - ok
20:06:33.0343 8000 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:06:33.0390 8000 swenum - ok
20:06:33.0421 8000 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:06:33.0515 8000 swmidi - ok
20:06:33.0515 8000 SwPrv - ok
20:06:33.0515 8000 symc810 - ok
20:06:33.0515 8000 symc8xx - ok
20:06:33.0546 8000 sym_hi - ok
20:06:33.0546 8000 sym_u3 - ok
20:06:33.0546 8000 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:06:33.0593 8000 sysaudio - ok
20:06:33.0625 8000 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:06:33.0687 8000 SysmonLog - ok
20:06:33.0734 8000 [ DAD1A4D96291139C0F834B138320E475 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
20:06:33.0765 8000 TabletServicePen - ok
20:06:33.0781 8000 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:06:33.0843 8000 TapiSrv - ok
20:06:33.0875 8000 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:06:33.0906 8000 Tcpip - ok
20:06:33.0921 8000 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:06:34.0000 8000 TDPIPE - ok
20:06:34.0000 8000 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:06:34.0062 8000 TDTCP - ok
20:06:34.0078 8000 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:06:34.0125 8000 TermDD - ok
20:06:34.0156 8000 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
20:06:34.0218 8000 TermService - ok
20:06:34.0250 8000 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:06:34.0250 8000 Themes - ok
20:06:34.0281 8000 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:06:34.0343 8000 TlntSvr - ok
20:06:34.0343 8000 TosIde - ok
20:06:34.0390 8000 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:06:34.0453 8000 TrkWks - ok
20:06:34.0484 8000 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:06:34.0546 8000 Udfs - ok
20:06:34.0546 8000 ultra - ok
20:06:34.0578 8000 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:06:34.0656 8000 Update - ok
20:06:34.0671 8000 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:06:34.0734 8000 upnphost - ok
20:06:34.0765 8000 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
20:06:34.0828 8000 UPS - ok
20:06:34.0875 8000 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:06:34.0921 8000 usbccgp - ok
20:06:34.0937 8000 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:06:34.0984 8000 usbehci - ok
20:06:35.0015 8000 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:06:35.0078 8000 usbhub - ok
20:06:35.0093 8000 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:06:35.0156 8000 usbohci - ok
20:06:35.0203 8000 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:06:35.0265 8000 usbprint - ok
20:06:35.0281 8000 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:06:35.0328 8000 USBSTOR - ok
20:06:35.0343 8000 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:06:35.0406 8000 VgaSave - ok
20:06:35.0406 8000 ViaIde - ok
20:06:35.0437 8000 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:06:35.0515 8000 VolSnap - ok
20:06:35.0546 8000 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
20:06:35.0609 8000 VSS - ok
20:06:35.0625 8000 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
20:06:35.0687 8000 W32Time - ok
20:06:35.0718 8000 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
20:06:35.0734 8000 wacommousefilter - ok
20:06:35.0734 8000 [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
20:06:35.0734 8000 wacomvhid - ok
20:06:35.0750 8000 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
20:06:35.0750 8000 WacomVKHid - ok
20:06:35.0750 8000 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:06:35.0828 8000 Wanarp - ok
20:06:35.0828 8000 WDICA - ok
20:06:35.0843 8000 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:06:35.0906 8000 wdmaud - ok
20:06:35.0937 8000 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:06:36.0015 8000 WebClient - ok
20:06:36.0078 8000 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:06:36.0140 8000 winmgmt - ok
20:06:36.0171 8000 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
20:06:36.0218 8000 WmdmPmSN - ok
20:06:36.0250 8000 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:06:36.0265 8000 Wmi - ok
20:06:36.0296 8000 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:06:36.0375 8000 WmiAcpi - ok
20:06:36.0406 8000 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:06:36.0468 8000 WmiApSrv - ok
20:06:36.0500 8000 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:06:36.0578 8000 wscsvc - ok
20:06:36.0593 8000 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:06:36.0656 8000 wuauserv - ok
20:06:36.0687 8000 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:06:36.0781 8000 WZCSVC - ok
20:06:36.0796 8000 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:06:36.0875 8000 xmlprov - ok
20:06:36.0875 8000 ================ Scan global ===============================
20:06:36.0906 8000 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:06:36.0921 8000 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:06:36.0921 8000 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:06:36.0937 8000 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:06:36.0937 8000 [Global] - ok
20:06:36.0937 8000 ================ Scan MBR ==================================
20:06:36.0953 8000 [ AD9B705AB096A51023121C8E7DB9D21B ] \Device\Harddisk0\DR0
20:06:37.0109 8000 \Device\Harddisk0\DR0 - ok
20:06:37.0109 8000 ================ Scan VBR ==================================
20:06:37.0109 8000 [ 59C4A5AD665F21126522ED0F5B9EC94D ] \Device\Harddisk0\DR0\Partition1
20:06:37.0109 8000 \Device\Harddisk0\DR0\Partition1 - ok
20:06:37.0140 8000 [ 602EE595B99A90BADE824FFD9F5907B5 ] \Device\Harddisk0\DR0\Partition2
20:06:37.0140 8000 \Device\Harddisk0\DR0\Partition2 - ok
20:06:37.0140 8000 ============================================================
20:06:37.0140 8000 Scan finished
20:06:37.0140 8000 ============================================================
20:06:37.0265 7792 Detected object count: 6
20:06:37.0265 7792 Actual detected object count: 6
20:06:55.0328 7792 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:55.0328 7792 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:55.0328 7792 Ext2fs ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:55.0328 7792 Ext2fs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:55.0328 7792 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:55.0328 7792 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:55.0328 7792 IfsMount ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:55.0328 7792 IfsMount ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:55.0359 7792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:55.0359 7792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:55.0359 7792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:55.0359 7792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Hier ist das heutige Log von Malwarebytes: Code:
ATTFilter 2013/03/06 10:20:14 +0100 FB08-PC-THEO3 MESSAGE Starting protection
2013/03/06 10:20:14 +0100 FB08-PC-THEO3 MESSAGE Protection started successfully
2013/03/06 10:20:14 +0100 FB08-PC-THEO3 MESSAGE Starting IP protection
2013/03/06 10:20:52 +0100 FB08-PC-THEO3 *** MESSAGE IP Protection started successfully
2013/03/06 10:29:25 +0100 FB08-PC-THEO3 *** MESSAGE Executing scheduled update: Daily
2013/03/06 10:29:44 +0100 FB08-PC-THEO3 *** MESSAGE Starting database refresh
2013/03/06 10:29:44 +0100 FB08-PC-THEO3 *** MESSAGE Stopping IP protection
2013/03/06 10:29:44 +0100 FB08-PC-THEO3 *** MESSAGE IP Protection stopped successfully
2013/03/06 10:29:44 +0100 FB08-PC-THEO3 *** MESSAGE Scheduled update executed successfully: database updated from version v2013.03.05.07 to version v2013.03.06.07
2013/03/06 10:29:47 +0100 FB08-PC-THEO3 *** MESSAGE Database refreshed successfully
2013/03/06 10:29:47 +0100 FB08-PC-THEO3 *** MESSAGE Starting IP protection
2013/03/06 10:30:32 +0100 FB08-PC-THEO3 *** MESSAGE IP Protection started successfully
2013/03/06 12:17:40 +0100 FB08-PC-THEO3 *** IP-BLOCK 89.28.53.136 (Type: incoming)
2013/03/06 12:17:41 +0100 FB08-PC-THEO3 *** IP-BLOCK 89.28.53.136 (Type: incoming)
2013/03/06 12:17:43 +0100 FB08-PC-THEO3 *** IP-BLOCK 89.28.53.136 (Type: incoming)
2013/03/06 12:17:44 +0100 FB08-PC-THEO3 *** IP-BLOCK 89.28.53.136 (Type: incoming)
2013/03/06 12:17:49 +0100 FB08-PC-THEO3 *** IP-BLOCK 89.28.53.136 (Type: incoming)
2013/03/06 12:17:50 +0100 FB08-PC-THEO3 *** IP-BLOCK 89.28.53.136 (Type: incoming)
|
|
06.03.2013, 18:07
| #8 |
| /// Malware-holic | Trojaner AAJX (?) Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.03.2013, 06:19
| #9 |
| | Trojaner AAJX (?) Hallo nochmal, Combofix scheint sich mit meinem Computer nicht zu vertragen. Ich habe es den Anweisungen entsprechend auf dem Deskotp gespeichert und ausgeführt, es hat erfolgreich die Wiederherstellungskonsole installiert und sah danach so aus als würde es anfangen, zu scannen. Es sagt, dass der Scan normalerweise 10 Minuten dauern sollte, sich die Zeit aber verdoppeln kann, wenn der Computer schwer infiziert ist. Ich habe den Scan gestern abend um 17:30 Uhr gestartet und bis eben gerade laufen lassen, er ist also über 12 Stunden gelaufen, ohne dass irgendwas passiert ist oder Combofix etwas Weiteres angezeigt hat. Da habe ich versucht, es abzubrechen, jedoch war der Computer vollständig eingefroren, sodass nur der Reset-Knopf geholfen hat. Virenscanner und Malwarebytes und andere Hintergrundprogramme wie Dropbox, ext2fsd, Live-Messenger habe ich vor dem Scan beendet. Meine Netwerkverbindung hatte ich schon gekappt, bevor ich den Virenscanner deaktiviert habe. Was soll ich jetzt machen?  edit: Ich habe gerade per Taskmanager alle Tasks, von denen ich weiß, was sie sind und die nicht unbedingt benötigt werden (z.B. Pen Tablet-Dienst, CCC, jusched), beendet und Combofix ausgeführt. Gleicher Effekt wie vorher. Es bleibt bei der Nachricht, dass es normalerweise 10 Minuten dauert, stehen. Nur der Underscore im Combofix-Fenster blinkt noch. Ich habe 15 Minuten gewartet und nichts ist passiert  Geändert von Muh-Kuh (08.03.2013 um 06:49 Uhr) |
|
08.03.2013, 19:24
| #10 |
| /// Malware-holic | Trojaner AAJX (?) combofix abbrechen, neustarten, abgesicherter Modus, dort in deinem konto anmelden, combofix noch mal ausführen. neustarten und log posten wenn es durchgelaufen ist
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Trojaner AAJX (?) |
| 32 bit, 7-zip, amerika, antivir, audiograbber, avira, bho, branding, browser, computer, einstellungen, error, explorer, firefox, flash player, format, h.264/mpeg-4, helper, homepage, internet, internet browser, logfile, msiinstaller, object, opera, plug-in, realtek, registry, rundll, schadsoftware eingefangen, security, starten, trojaner, udp, unknown mbr, usb, windows internet, wrapper |
WARNUNG an die MITLESER: 
Linear-Darstellung
