TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität
Hallo, seit Dienstag meldet sich Avira auf unserem Büro-Rechner mit den Trojaner Funden: TR/Atraps.Gen2 TR/Sirefef.AG.35 und TR/Small.FI
Ein Scan mit Malewarebytes hat den Fund bestätigt.
In Quarantäne verschieben funktioniert nicht. Ich bin keine Anleitungen zum enfernen durchgegangen, weil in einer Anleitung stand, dass jede Infektion einer individuellen Behandlung Bedarf.
Ich würde mich seeeeehr freuen, wenn mir jemand helfen könnte.
Hier die Logs:
OTL
OTL Logfile: Code:
OTL logfile created on: 27.06.2012 11:44:08 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,41% Memory free
5,34 Gb Paging File | 4,49 Gb Available in Paging File | 84,16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 931,50 Gb Total Space | 899,12 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive D: | 931,50 Gb Total Space | 651,39 Gb Free Space | 69,93% Space Free | Partition Type: NTFS
Computer Name: BUERO-1 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 16:03:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 16:03:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 16:05:47 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\spotify.exe
PRC - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011.10.27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.03.03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009.05.15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassche.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001.08.18 04:54:46 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.14 08:56:45 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:15:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:14:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 13:31:18 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.14 16:03:04 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.05.11 12:49:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 12:49:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.10 14:43:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.10 14:42:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 14:42:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.04 16:05:47 | 020,101,120 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\libcef.dll
MOD - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.03.14 18:18:51 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3748.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard\2.0.3748.36964__90ba9c70f846762e\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:49 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3748.36838__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.03.14 18:18:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.03.14 18:18:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.03.14 18:18:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.03.14 18:18:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.03.14 18:18:45 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.03.14 18:18:44 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.03.14 18:18:43 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.03.14 18:18:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.03.14 18:18:43 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.03.14 18:18:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.03.14 18:18:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.03.14 18:18:43 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.03.14 18:18:42 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.03.14 18:18:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.03.14 18:18:42 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.03.14 18:18:42 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.03.14 18:18:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.03.14 18:18:42 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.03.14 18:18:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2011.03.14 18:18:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.03.14 18:18:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.03.14 18:18:41 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.03.14 18:18:41 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.08.16 00:08:44 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.01.08 15:15:34 | 001,552,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2009.05.26 20:15:36 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.26 20:15:35 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007.06.03 09:46:31 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl66cl3.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.06.25 13:46:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.22 12:26:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010.02.12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012.05.14 16:03:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 16:03:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 16:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.20 10:44:24 | 006,026,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.08 10:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2009.09.04 07:46:08 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.05.27 13:24:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 08:03:54 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008.01.19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007.12.14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006.11.24 04:34:54 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.18 05:21:04 | 000,039,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm) Brother WDM-Treiber (parallel)
DRV - [2001.08.17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001.08.17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn) Brother MFC-Scannertreiber (USB)
DRV - [2001.08.17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://groupware.vfs-langenhagen.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 12:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 15:39:36 | 000,000,000 | ---D | M]
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.05.02 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions
[2010.07.02 14:23:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.08 14:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Sunbird\Profiles\6iyd0i52.default\extensions
[2012.05.04 14:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.14 14:17:48 | 000,709,293 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\YX8GN338.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.22 12:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.11 13:12:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.22 12:26:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 12:26:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.22 12:26:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 12:26:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 12:26:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 12:26:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.31 23:23:36 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2009 Zahlungserinnerung.lnk = C:\Programme\Quicken\2009\billmind.exe (Lexware GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 80
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.05.19 18:28:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell - "" = AutoRun
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.27 11:41:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 10:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes
[2012.06.27 10:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.27 09:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.04 13:03:02 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.05.31 10:29:28 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.27 11:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.27 11:40:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:38:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.27 11:38:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.27 11:38:00 | 000,002,644 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012.06.27 11:37:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.27 11:37:23 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 11:12:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.27 10:13:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 09:39:37 | 000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 08:13:18 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 13:31:31 | 000,499,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 13:31:31 | 000,475,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 13:31:31 | 000,101,642 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 13:31:31 | 000,084,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 13:28:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.04 13:03:10 | 000,001,034 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.06.04 13:02:54 | 000,001,026 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Dropbox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.27 11:42:32 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@
[2012.06.27 11:40:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:37:02 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@
[2012.06.27 11:37:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@
[2012.06.27 10:13:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.17 15:34:08 | 000,015,022 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2012.02.15 16:17:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 18:12:44 | 000,001,040 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\advanced_ip_scanner_MAC.bin
[2011.07.08 15:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.05.12 13:43:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.04.26 17:09:48 | 000,000,019 | ---- | C] () -- C:\WINDOWS\QwTools.INI
[2011.03.14 18:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.03.14 18:17:24 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.14 18:17:24 | 000,202,234 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.14 18:17:24 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.03.14 18:17:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011.03.14 18:17:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2011.03.14 17:44:23 | 000,021,536 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.03.14 17:44:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.14 17:37:13 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.03.14 17:33:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2010.12.02 14:18:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.12.02 14:18:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2010.12.02 13:54:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2010.11.18 15:49:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010.08.20 11:45:47 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\usb001
[2010.07.27 23:16:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_9880.ini
[2010.07.27 23:16:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010.07.22 22:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2010.06.11 15:46:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.07.02 11:03:38 | 000,013,017 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.06.05 13:53:36 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.27 15:31:59 | 000,000,512 | ---- | C] () -- C:\Programme\hbedv.key
[2009.05.27 13:39:16 | 003,211,264 | ---- | C] () -- C:\Programme\Gemeinsame DateienDDBACSetup.msi
[2009.05.20 13:12:06 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
========== LOP Check ==========
[2009.05.27 13:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service
[2010.11.15 14:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service GmbH
[2012.02.21 16:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DL
[2012.06.27 11:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox
[2012.06.13 13:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FileZilla
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\fotobuch.de AG
[2012.03.01 19:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FreeFileSync
[2011.11.22 15:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\InfoRapid KnowledgeMap
[2009.05.20 13:12:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IsolatedStorage
[2009.05.27 13:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Lexware
[2012.02.17 16:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\MediaMonkey
[2012.04.17 15:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\NASNaviator2
[2010.07.13 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Notepad++
[2009.06.11 09:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OfficeUpdate12
[2012.06.27 11:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify
[2012.02.10 16:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\streamripper
[2010.12.02 11:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TomTom
[2009.05.27 13:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2009.05.27 13:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012.02.10 17:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
[2010.11.18 15:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.12.02 11:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.04.18 14:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
========== Purity Check ==========
< End of report >
--- --- ---
[/code]
GMER - Nach dem Scan von GMER erschien die Nachricht:
"GMER has found system modification, which might have been caused by ROOTKIT activity." Nach dem Speichern und Öffnen des Logs wurde GMER von Windows geschlossen, weil "ein Fehler festgestellt wurde".
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-28 08:13:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST31000333AS rev.CC1H
Running: yqmpbmgg.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\ugtdqpob.sys
---- System - GMER 1.0.15 ----
SSDT F7BD07DC ZwClose
SSDT F7BD0796 ZwCreateKey
SSDT F7BD07E6 ZwCreateSection
SSDT F7BD07BE ZwCreateSymbolicLinkObject
SSDT F7BD078C ZwCreateThread
SSDT F7BD079B ZwDeleteKey
SSDT F7BD07A5 ZwDeleteValueKey
SSDT F7BD07D7 ZwDuplicateObject
SSDT F7BD07C3 ZwLoadDriver
SSDT F7BD07AA ZwLoadKey
SSDT F7BD0778 ZwOpenProcess
SSDT F7BD07B9 ZwOpenSection
SSDT F7BD077D ZwOpenThread
SSDT F7BD07FF ZwQueryValueKey
SSDT F7BD07B4 ZwReplaceKey
SSDT F7BD07F0 ZwRequestWaitReplyPort
SSDT F7BD07AF ZwRestoreKey
SSDT F7BD07EB ZwSetContextThread
SSDT F7BD07F5 ZwSetSecurityObject
SSDT F7BD07C8 ZwSetSystemInformation
SSDT F7BD07A0 ZwSetValueKey
SSDT F7BD07FA ZwSystemDebugControl
SSDT F7BD0787 ZwTerminateProcess
SSDT F7BD0782 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF652B000, 0x235F87, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] GDI32.dll!CreateDIBSection 77EF9E19 5 Bytes JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1156] 0x45670000
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1804] 0x45670000
---- EOF - GMER 1.0.15 ----
--- --- ---
Anti-Malware Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.27.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: BUERO-1 [Administrator]
Schutz: Aktiviert
27.06.2012 10:14:19
mbam-log-2012-06-27 (11-32-30).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344172
Laufzeit: 1 Stunde(n), 16 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 5
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
(Ende)
In der Posting Anleitung stand ich solle die "dds.txt" und "attach.txt" nach den Scans posten, die wurden aber weder von OTL noch von GMER erstellt. Ich habe noch ein Log von Avira und die Extras.txt von OTL, wenn das noch weiterhilft.
Log vom TDSSKiller: Code:
09:12:35.0265 4048 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
09:12:35.0343 4048 ============================================================
09:12:35.0343 4048 Current date / time: 2012/06/28 09:12:35.0343
09:12:35.0343 4048 SystemInfo:
09:12:35.0343 4048
09:12:35.0343 4048 OS Version: 5.1.2600 ServicePack: 3.0
09:12:35.0343 4048 Product type: Workstation
09:12:35.0343 4048 ComputerName: BUERO-1
09:12:35.0343 4048 UserName: admin
09:12:35.0343 4048 Windows directory: C:\WINDOWS
09:12:35.0343 4048 System windows directory: C:\WINDOWS
09:12:35.0343 4048 Processor architecture: Intel x86
09:12:35.0343 4048 Number of processors: 2
09:12:35.0343 4048 Page size: 0x1000
09:12:35.0343 4048 Boot type: Normal boot
09:12:35.0343 4048 ============================================================
09:12:37.0062 4048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:12:37.0109 4048 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:12:37.0187 4048 ============================================================
09:12:37.0187 4048 \Device\Harddisk0\DR0:
09:12:37.0187 4048 MBR partitions:
09:12:37.0187 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
09:12:37.0187 4048 \Device\Harddisk1\DR1:
09:12:37.0187 4048 MBR partitions:
09:12:37.0187 4048 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
09:12:37.0187 4048 ============================================================
09:12:37.0234 4048 C: <-> \Device\Harddisk0\DR0\Partition0
09:12:37.0234 4048 D: <-> \Device\Harddisk1\DR1\Partition0
09:12:37.0234 4048 ============================================================
09:12:37.0234 4048 Initialize success
09:12:37.0234 4048 ============================================================
09:12:44.0484 3136 ============================================================
09:12:44.0484 3136 Scan started
09:12:44.0484 3136 Mode: Manual; SigCheck; TDLFS;
09:12:44.0484 3136 ============================================================
09:12:44.0812 3136 Abiosdsk - ok
09:12:44.0812 3136 abp480n5 - ok
09:12:44.0843 3136 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:12:44.0984 3136 ACPI - ok
09:12:45.0015 3136 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:12:45.0093 3136 ACPIEC - ok
09:12:45.0156 3136 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:12:45.0156 3136 AdobeFlashPlayerUpdateSvc - ok
09:12:45.0171 3136 adpu160m - ok
09:12:45.0187 3136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:12:45.0250 3136 aec - ok
09:12:45.0265 3136 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:12:45.0296 3136 AFD - ok
09:12:45.0296 3136 Aha154x - ok
09:12:45.0296 3136 aic78u2 - ok
09:12:45.0296 3136 aic78xx - ok
09:12:45.0343 3136 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
09:12:45.0406 3136 Alerter - ok
09:12:45.0421 3136 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
09:12:45.0453 3136 ALG - ok
09:12:45.0453 3136 AliIde - ok
09:12:45.0515 3136 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
09:12:45.0906 3136 Ambfilt - ok
09:12:45.0937 3136 AmdK8 - ok
09:12:45.0953 3136 amsint - ok
09:12:46.0046 3136 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
09:12:46.0062 3136 AntiVirMailService - ok
09:12:46.0078 3136 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Programme\Avira\AntiVir Desktop\sched.exe
09:12:46.0093 3136 AntiVirSchedulerService - ok
09:12:46.0109 3136 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:12:46.0109 3136 AntiVirService - ok
09:12:46.0156 3136 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:12:46.0156 3136 AntiVirWebService - ok
09:12:46.0187 3136 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
09:12:46.0234 3136 AppMgmt - ok
09:12:46.0234 3136 asc - ok
09:12:46.0234 3136 asc3350p - ok
09:12:46.0250 3136 asc3550 - ok
09:12:46.0312 3136 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:12:46.0312 3136 aspnet_state - ok
09:12:46.0343 3136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:12:46.0390 3136 AsyncMac - ok
09:12:46.0406 3136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:12:46.0484 3136 atapi - ok
09:12:46.0484 3136 Atdisk - ok
09:12:46.0515 3136 Ati HotKey Poller (43c1105ca8492931b45f1a090fa562c8) C:\WINDOWS\system32\Ati2evxx.exe
09:12:46.0531 3136 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0531 3136 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
09:12:46.0687 3136 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:12:46.0796 3136 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0796 3136 ati2mtag - detected UnsignedFile.Multi.Generic (1)
09:12:46.0921 3136 AtiHdmiService (b9bc23b57765c167806a1feb7a3d16a6) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:12:46.0921 3136 AtiHdmiService - ok
09:12:46.0937 3136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:12:47.0000 3136 Atmarpc - ok
09:12:47.0015 3136 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
09:12:47.0078 3136 AudioSrv - ok
09:12:47.0109 3136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:12:47.0156 3136 audstub - ok
09:12:47.0171 3136 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:12:47.0187 3136 avgntflt - ok
09:12:47.0203 3136 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:12:47.0203 3136 avipbb - ok
09:12:47.0218 3136 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:12:47.0218 3136 avkmgr - ok
09:12:47.0234 3136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:12:47.0281 3136 Beep - ok
09:12:47.0328 3136 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
09:12:47.0390 3136 BITS - ok
09:12:47.0406 3136 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
09:12:47.0468 3136 brfilt - ok
09:12:47.0484 3136 Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe
09:12:47.0484 3136 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
09:12:47.0484 3136 Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
09:12:47.0500 3136 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
09:12:47.0562 3136 Browser - ok
09:12:47.0593 3136 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys
09:12:47.0640 3136 brparimg - ok
09:12:47.0687 3136 BrParWdm (19ec96ac43413d39fdac0449b5879339) C:\WINDOWS\system32\Drivers\BrParwdm.sys
09:12:47.0718 3136 BrParWdm - ok
09:12:47.0734 3136 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
09:12:47.0796 3136 BrSerWDM - ok
09:12:47.0812 3136 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
09:12:47.0859 3136 BrUsbMdm - ok
09:12:47.0875 3136 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
09:12:47.0921 3136 BrUsbScn - ok
09:12:47.0968 3136 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
09:12:47.0984 3136 Cardex - ok
09:12:48.0000 3136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:12:48.0046 3136 cbidf2k - ok
09:12:48.0062 3136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:12:48.0125 3136 CCDECODE - ok
09:12:48.0140 3136 cd20xrnt - ok
09:12:48.0140 3136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:12:48.0203 3136 Cdaudio - ok
09:12:48.0203 3136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:12:48.0265 3136 Cdfs - ok
09:12:48.0281 3136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:12:48.0343 3136 Cdrom - ok
09:12:48.0343 3136 Changer - ok
09:12:48.0359 3136 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
09:12:48.0421 3136 CiSvc - ok
09:12:48.0437 3136 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
09:12:48.0484 3136 ClipSrv - ok
09:12:48.0562 3136 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:12:48.0578 3136 clr_optimization_v2.0.50727_32 - ok
09:12:48.0578 3136 CmdIde - ok
09:12:48.0578 3136 COMSysApp - ok
09:12:48.0593 3136 Cpqarray - ok
09:12:48.0609 3136 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
09:12:48.0656 3136 CryptSvc - ok
09:12:48.0671 3136 dac2w2k - ok
09:12:48.0671 3136 dac960nt - ok
09:12:48.0703 3136 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:12:48.0734 3136 DcomLaunch - ok
09:12:48.0734 3136 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
09:12:48.0750 3136 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
09:12:48.0750 3136 DgiVecp - detected UnsignedFile.Multi.Generic (1)
09:12:48.0765 3136 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
09:12:48.0828 3136 Dhcp - ok
09:12:48.0828 3136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:12:48.0890 3136 Disk - ok
09:12:48.0890 3136 dmadmin - ok
09:12:48.0921 3136 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
09:12:49.0000 3136 dmboot - ok
09:12:49.0015 3136 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
09:12:49.0062 3136 dmio - ok
09:12:49.0062 3136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:12:49.0125 3136 dmload - ok
09:12:49.0125 3136 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
09:12:49.0187 3136 dmserver - ok
09:12:49.0218 3136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:12:49.0265 3136 DMusic - ok
09:12:49.0281 3136 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
09:12:49.0312 3136 Dnscache - ok
09:12:49.0343 3136 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
09:12:49.0406 3136 Dot3svc - ok
09:12:49.0421 3136 dpti2o - ok
09:12:49.0421 3136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:12:49.0468 3136 drmkaud - ok
09:12:49.0484 3136 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
09:12:49.0546 3136 EapHost - ok
09:12:49.0546 3136 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
09:12:49.0593 3136 ERSvc - ok
09:12:49.0625 3136 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:12:49.0625 3136 Eventlog - ok
09:12:49.0656 3136 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
09:12:49.0671 3136 EventSystem - ok
09:12:49.0703 3136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:12:49.0750 3136 Fastfat - ok
09:12:49.0781 3136 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:12:49.0812 3136 FastUserSwitchingCompatibility - ok
09:12:49.0828 3136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:12:49.0890 3136 Fdc - ok
09:12:49.0906 3136 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
09:12:49.0968 3136 Fips - ok
09:12:50.0093 3136 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Programme\MSI\Live Update 4\LU4\FLASHSYS.sys
09:12:50.0093 3136 FLASHSYS ( UnsignedFile.Multi.Generic ) - warning
09:12:50.0093 3136 FLASHSYS - detected UnsignedFile.Multi.Generic (1)
09:12:50.0109 3136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:12:50.0171 3136 Flpydisk - ok
09:12:50.0218 3136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:12:50.0265 3136 FltMgr - ok
09:12:50.0375 3136 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:12:50.0375 3136 FontCache3.0.0.0 - ok
09:12:50.0406 3136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:12:50.0468 3136 Fs_Rec - ok
09:12:50.0468 3136 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:12:50.0531 3136 Ftdisk - ok
09:12:50.0546 3136 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
09:12:50.0562 3136 gdrv - ok
09:12:50.0578 3136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:12:50.0578 3136 GEARAspiWDM - ok
09:12:50.0593 3136 GenericMount (69f8f310654d699c7e5bd5c67279980f) C:\WINDOWS\system32\DRIVERS\GenericMount.sys
09:12:50.0609 3136 GenericMount - ok
09:12:50.0687 3136 GenericMount Helper Service (5f0f786d91087c0a76c3ef689a51ca48) C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
09:12:50.0718 3136 GenericMount Helper Service - ok
09:12:50.0734 3136 GMSIPCI - ok
09:12:50.0796 3136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:12:50.0875 3136 Gpc - ok
09:12:50.0953 3136 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
09:12:50.0968 3136 gupdate - ok
09:12:50.0968 3136 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
09:12:50.0968 3136 gupdatem - ok
09:12:50.0984 3136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:12:51.0062 3136 HDAudBus - ok
09:12:51.0109 3136 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:12:51.0171 3136 helpsvc - ok
09:12:51.0187 3136 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
09:12:51.0250 3136 HidServ - ok
09:12:51.0265 3136 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:12:51.0328 3136 hidusb - ok
09:12:51.0343 3136 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
09:12:51.0406 3136 hkmsvc - ok
09:12:51.0406 3136 hpn - ok
09:12:51.0437 3136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:12:51.0468 3136 HTTP - ok
09:12:51.0484 3136 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
09:12:51.0546 3136 HTTPFilter - ok
09:12:51.0546 3136 i2omgmt - ok
09:12:51.0562 3136 i2omp - ok
09:12:51.0562 3136 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:12:51.0625 3136 i8042prt - ok
09:12:51.0781 3136 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:12:51.0796 3136 idsvc - ok
09:12:51.0812 3136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:12:51.0859 3136 Imapi - ok
09:12:51.0890 3136 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
09:12:51.0953 3136 ImapiService - ok
09:12:51.0953 3136 ini910u - ok
09:12:52.0125 3136 IntcAzAudAddService (1f46c4aee30e8a2ec20011f2e64d367e) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:12:52.0250 3136 IntcAzAudAddService - ok
09:12:52.0328 3136 IntelIde - ok
09:12:52.0328 3136 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:12:52.0390 3136 intelppm - ok
09:12:52.0406 3136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:12:52.0468 3136 Ip6Fw - ok
09:12:52.0484 3136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:12:52.0531 3136 IpFilterDriver - ok
09:12:52.0531 3136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:12:52.0593 3136 IpInIp - ok
09:12:52.0609 3136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:12:52.0671 3136 IpNat - ok
09:12:52.0671 3136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:12:52.0734 3136 IPSec - ok
09:12:52.0750 3136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:12:52.0781 3136 IRENUM - ok
09:12:52.0796 3136 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:12:52.0859 3136 isapnp - ok
09:12:52.0921 3136 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
09:12:52.0937 3136 JavaQuickStarterService - ok
09:12:52.0953 3136 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:12:53.0015 3136 Kbdclass - ok
09:12:53.0015 3136 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:12:53.0078 3136 kbdhid - ok
09:12:53.0109 3136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:12:53.0171 3136 kmixer - ok
09:12:53.0187 3136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:12:53.0218 3136 KSecDD - ok
09:12:53.0234 3136 L1c (573337205057e22e13da1ffbc66a8aaf) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
09:12:53.0250 3136 L1c - ok
09:12:53.0281 3136 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
09:12:53.0312 3136 LanmanServer - ok
09:12:53.0359 3136 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
09:12:53.0375 3136 lanmanworkstation - ok
09:12:53.0375 3136 lbrtfdc - ok
09:12:53.0546 3136 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:12:53.0625 3136 LiveUpdate - ok
09:12:53.0750 3136 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
09:12:53.0796 3136 LmHosts - ok
09:12:53.0859 3136 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
09:12:53.0859 3136 MBAMProtector - ok
09:12:53.0953 3136 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
09:12:53.0968 3136 MBAMService - ok
09:12:54.0015 3136 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
09:12:54.0031 3136 MDM - ok
09:12:54.0046 3136 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
09:12:54.0109 3136 Messenger - ok
09:12:54.0140 3136 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
09:12:54.0203 3136 mf - ok
09:12:54.0234 3136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:12:54.0281 3136 mnmdd - ok
09:12:54.0328 3136 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
09:12:54.0390 3136 mnmsrvc - ok
09:12:54.0421 3136 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
09:12:54.0468 3136 Modem - ok
09:12:54.0531 3136 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
09:12:54.0562 3136 Monfilt - ok
09:12:54.0578 3136 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:12:54.0640 3136 Mouclass - ok
09:12:54.0640 3136 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:12:54.0703 3136 mouhid - ok
09:12:54.0718 3136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:12:54.0781 3136 MountMgr - ok
09:12:54.0812 3136 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:12:54.0812 3136 MozillaMaintenance - ok
09:12:54.0828 3136 mraid35x - ok
09:12:54.0843 3136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:12:54.0890 3136 MRxDAV - ok
09:12:54.0937 3136 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:12:54.0968 3136 MRxSmb - ok
09:12:55.0000 3136 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
09:12:55.0062 3136 MSDTC - ok
09:12:55.0062 3136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:12:55.0125 3136 Msfs - ok
09:12:55.0125 3136 MSIServer - ok
09:12:55.0156 3136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:12:55.0218 3136 MSKSSRV - ok
09:12:55.0234 3136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:12:55.0281 3136 MSPCLOCK - ok
09:12:55.0296 3136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:12:55.0343 3136 MSPQM - ok
09:12:55.0343 3136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:12:55.0406 3136 mssmbios - ok
09:12:55.0437 3136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:12:55.0484 3136 MSTEE - ok
09:12:55.0500 3136 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:12:55.0531 3136 MTsensor - ok
09:12:55.0562 3136 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:12:55.0593 3136 Mup - ok
09:12:55.0625 3136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:12:55.0671 3136 NABTSFEC - ok
09:12:55.0687 3136 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
09:12:55.0750 3136 napagent - ok
09:12:55.0765 3136 NasPmService - ok
09:12:55.0781 3136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:12:55.0843 3136 NDIS - ok
09:12:55.0859 3136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:12:55.0906 3136 NdisIP - ok
09:12:55.0984 3136 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:12:56.0000 3136 NdisTapi - ok
09:12:56.0015 3136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:12:56.0078 3136 Ndisuio - ok
09:12:56.0093 3136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:12:56.0140 3136 NdisWan - ok
09:12:56.0187 3136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:12:56.0203 3136 NDProxy - ok
09:12:56.0218 3136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:12:56.0265 3136 NetBIOS - ok
09:12:56.0281 3136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:12:56.0343 3136 NetBT - ok
09:12:56.0359 3136 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:12:56.0406 3136 NetDDE - ok
09:12:56.0406 3136 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:12:56.0468 3136 NetDDEdsdm - ok
09:12:56.0484 3136 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:56.0531 3136 Netlogon - ok
09:12:56.0546 3136 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
09:12:56.0609 3136 Netman - ok
09:12:56.0734 3136 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:12:56.0734 3136 NetTcpPortSharing - ok
09:12:56.0765 3136 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
09:12:56.0781 3136 Nla - ok
09:12:56.0937 3136 Norton Ghost (a1787754952a0b700e386dc7c5fa5726) C:\Programme\Norton Ghost\Agent\VProSvc.exe
09:12:57.0031 3136 Norton Ghost - ok
09:12:57.0140 3136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:12:57.0203 3136 Npfs - ok
09:12:57.0203 3136 NTACCESS - ok
09:12:57.0234 3136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:12:57.0296 3136 Ntfs - ok
09:12:57.0312 3136 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:57.0359 3136 NtLmSsp - ok
09:12:57.0406 3136 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
09:12:57.0453 3136 NtmsSvc - ok
09:12:57.0468 3136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:12:57.0531 3136 Null - ok
09:12:57.0546 3136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:12:57.0609 3136 NwlnkFlt - ok
09:12:57.0609 3136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:12:57.0656 3136 NwlnkFwd - ok
09:12:57.0781 3136 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
09:12:57.0796 3136 odserv - ok
09:12:57.0812 3136 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
09:12:57.0828 3136 ose - ok
09:12:57.0953 3136 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:12:58.0062 3136 osppsvc - ok
09:12:58.0171 3136 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
09:12:58.0234 3136 Parport - ok
09:12:58.0250 3136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:12:58.0312 3136 PartMgr - ok
09:12:58.0328 3136 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
09:12:58.0390 3136 ParVdm - ok
09:12:58.0406 3136 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
09:12:58.0468 3136 PCI - ok
09:12:58.0468 3136 PCIDump - ok
09:12:58.0468 3136 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:12:58.0531 3136 PCIIde - ok
09:12:58.0546 3136 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:12:58.0609 3136 Pcmcia - ok
09:12:58.0609 3136 PDCOMP - ok
09:12:58.0609 3136 PDFRAME - ok
09:12:58.0609 3136 PDRELI - ok
09:12:58.0625 3136 PDRFRAME - ok
09:12:58.0625 3136 perc2 - ok
09:12:58.0625 3136 perc2hib - ok
09:12:58.0671 3136 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:12:58.0671 3136 PlugPlay - ok
09:12:58.0671 3136 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:58.0734 3136 PolicyAgent - ok
09:12:58.0750 3136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:12:58.0796 3136 PptpMiniport - ok
09:12:58.0828 3136 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
09:12:58.0890 3136 Processor - ok
09:12:58.0890 3136 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:58.0937 3136 ProtectedStorage - ok
09:12:58.0953 3136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:12:59.0015 3136 PSched - ok
09:12:59.0031 3136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:12:59.0078 3136 Ptilink - ok
09:12:59.0093 3136 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:12:59.0093 3136 PxHelp20 - ok
09:12:59.0109 3136 ql1080 - ok
09:12:59.0109 3136 Ql10wnt - ok
09:12:59.0109 3136 ql12160 - ok
09:12:59.0109 3136 ql1240 - ok
09:12:59.0125 3136 ql1280 - ok
09:12:59.0140 3136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:12:59.0187 3136 RasAcd - ok
09:12:59.0203 3136 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
09:12:59.0265 3136 RasAuto - ok
09:12:59.0265 3136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:12:59.0328 3136 Rasl2tp - ok
09:12:59.0343 3136 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
09:12:59.0390 3136 RasMan - ok
09:12:59.0406 3136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:12:59.0453 3136 RasPppoe - ok
09:12:59.0453 3136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:12:59.0515 3136 Raspti - ok
09:12:59.0531 3136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:12:59.0578 3136 Rdbss - ok
09:12:59.0578 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:12:59.0640 3136 RDPCDD - ok
09:12:59.0671 3136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:12:59.0718 3136 rdpdr - ok
09:12:59.0750 3136 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:12:59.0781 3136 RDPWD - ok
09:12:59.0796 3136 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
09:12:59.0843 3136 RDSessMgr - ok
09:12:59.0859 3136 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:12:59.0906 3136 redbook - ok
09:12:59.0937 3136 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
09:12:59.0984 3136 RemoteAccess - ok
09:13:00.0000 3136 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
09:13:00.0062 3136 RemoteRegistry - ok
09:13:00.0062 3136 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
09:13:00.0125 3136 RpcLocator - ok
09:13:00.0156 3136 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:13:00.0171 3136 RpcSs - ok
09:13:00.0187 3136 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
09:13:00.0234 3136 RSVP - ok
09:13:00.0265 3136 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:13:00.0312 3136 SamSs - ok
09:13:00.0328 3136 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
09:13:00.0390 3136 SCardSvr - ok
09:13:00.0406 3136 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
09:13:00.0453 3136 Schedule - ok
09:13:00.0468 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:13:00.0500 3136 Secdrv - ok
09:13:00.0500 3136 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
09:13:00.0562 3136 seclogon - ok
09:13:00.0562 3136 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
09:13:00.0625 3136 SENS - ok
09:13:00.0625 3136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:13:00.0671 3136 serenum - ok
09:13:00.0687 3136 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
09:13:00.0734 3136 Serial - ok
09:13:00.0750 3136 SetupNTGLM7X - ok
09:13:00.0750 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:13:00.0812 3136 Sfloppy - ok
09:13:00.0843 3136 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:13:00.0843 3136 ShellHWDetection - ok
09:13:00.0843 3136 Simbad - ok
09:13:00.0875 3136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:13:00.0921 3136 SLIP - ok
09:13:00.0937 3136 Sparrow - ok
09:13:00.0968 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:13:01.0015 3136 splitter - ok
09:13:01.0031 3136 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:13:01.0062 3136 Spooler - ok
09:13:01.0078 3136 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
09:13:01.0109 3136 sr - ok
09:13:01.0125 3136 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
09:13:01.0156 3136 srservice - ok
09:13:01.0171 3136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:13:01.0203 3136 Srv - ok
09:13:01.0265 3136 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
09:13:01.0296 3136 SSDPSRV - ok
09:13:01.0312 3136 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:13:01.0312 3136 ssmdrv - ok
09:13:01.0312 3136 SSPORT - ok
09:13:01.0343 3136 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
09:13:01.0390 3136 stisvc - ok
09:13:01.0421 3136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:13:01.0468 3136 streamip - ok
09:13:01.0484 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:13:01.0546 3136 swenum - ok
09:13:01.0562 3136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:13:01.0609 3136 swmidi - ok
09:13:01.0609 3136 SwPrv - ok
09:13:01.0625 3136 Symantec SymSnap VSS Provider - ok
09:13:01.0625 3136 symc810 - ok
09:13:01.0625 3136 symc8xx - ok
09:13:01.0640 3136 symsnap (a5cf31080e99718949bcc38c83f13452) C:\WINDOWS\system32\DRIVERS\symsnap.sys
09:13:01.0656 3136 symsnap - ok
09:13:01.0765 3136 SymSnapService (21ff886e6f679fc1eb352f231e846357) C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
09:13:01.0812 3136 SymSnapService - ok
09:13:01.0906 3136 sym_hi - ok
09:13:01.0906 3136 sym_u3 - ok
09:13:01.0937 3136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:13:01.0984 3136 sysaudio - ok
09:13:02.0000 3136 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
09:13:02.0062 3136 SysmonLog - ok
09:13:02.0078 3136 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
09:13:02.0140 3136 TapiSrv - ok
09:13:02.0171 3136 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
09:13:02.0171 3136 TBPanel - ok
09:13:02.0218 3136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:13:02.0234 3136 Tcpip - ok
09:13:02.0250 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:13:02.0296 3136 TDPIPE - ok
09:13:02.0328 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:13:02.0375 3136 TDTCP - ok
09:13:02.0390 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:13:02.0437 3136 TermDD - ok
09:13:02.0468 3136 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
09:13:02.0531 3136 TermService - ok
09:13:02.0562 3136 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:13:02.0562 3136 Themes - ok
09:13:02.0593 3136 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
09:13:02.0625 3136 TlntSvr - ok
09:13:02.0687 3136 TomTomHOMEService (747e60b773e95f6c93d5621b550d6865) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
09:13:02.0703 3136 TomTomHOMEService - ok
09:13:02.0703 3136 TosIde - ok
09:13:02.0718 3136 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
09:13:02.0765 3136 TrkWks - ok
09:13:02.0796 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:13:02.0859 3136 Udfs - ok
09:13:02.0859 3136 ultra - ok
09:13:02.0890 3136 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
09:13:02.0921 3136 UMWdf - ok
09:13:02.0953 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:13:03.0015 3136 Update - ok
09:13:03.0046 3136 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
09:13:03.0078 3136 upnphost - ok
09:13:03.0093 3136 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
09:13:03.0140 3136 UPS - ok
09:13:03.0187 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:13:03.0234 3136 usbccgp - ok
09:13:03.0265 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:13:03.0312 3136 usbehci - ok
09:13:03.0328 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:13:03.0390 3136 usbhub - ok
09:13:03.0406 3136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:13:03.0468 3136 usbohci - ok
09:13:03.0484 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:13:03.0531 3136 usbprint - ok
09:13:03.0562 3136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:13:03.0625 3136 usbscan - ok
09:13:03.0640 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:13:03.0703 3136 USBSTOR - ok
09:13:03.0703 3136 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:13:03.0750 3136 usbuhci - ok
09:13:03.0765 3136 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
09:13:03.0781 3136 v2imount - ok
09:13:03.0796 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:13:03.0859 3136 VgaSave - ok
09:13:03.0859 3136 ViaIde - ok
09:13:03.0890 3136 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
09:13:03.0937 3136 VolSnap - ok
09:13:03.0968 3136 VProEventMonitor (ef3506b04eb9124240b35148eaacbaa5) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
09:13:03.0984 3136 VProEventMonitor - ok
09:13:04.0000 3136 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
09:13:04.0031 3136 VSS - ok
09:13:04.0046 3136 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
09:13:04.0093 3136 W32Time - ok
09:13:04.0109 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:13:04.0156 3136 Wanarp - ok
09:13:04.0187 3136 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:13:04.0187 3136 Wdf01000 - ok
09:13:04.0203 3136 WDICA - ok
09:13:04.0234 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:13:04.0281 3136 wdmaud - ok
09:13:04.0312 3136 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
09:13:04.0359 3136 WebClient - ok
09:13:04.0390 3136 WimFltr (090a2b8f055343815556a01f725f6c35) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
09:13:04.0390 3136 WimFltr - ok
09:13:04.0453 3136 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:13:04.0515 3136 winmgmt - ok
09:13:04.0546 3136 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
09:13:04.0578 3136 WmdmPmSN - ok
09:13:04.0625 3136 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
09:13:04.0640 3136 Wmi - ok
09:13:04.0671 3136 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:13:04.0734 3136 WmiApSrv - ok
09:13:04.0750 3136 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:13:04.0796 3136 WS2IFSL - ok
09:13:04.0828 3136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:13:04.0875 3136 WSTCODEC - ok
09:13:04.0890 3136 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
09:13:04.0953 3136 wuauserv - ok
09:13:05.0000 3136 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
09:13:05.0062 3136 WZCSVC - ok
09:13:05.0078 3136 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
09:13:05.0140 3136 xmlprov - ok
09:13:05.0156 3136 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
09:13:05.0484 3136 \Device\Harddisk0\DR0 - ok
09:13:05.0500 3136 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
09:13:05.0593 3136 \Device\Harddisk1\DR1 - ok
09:13:05.0593 3136 Boot (0x1200) (868e012d973accae0d1592423c8d42ba) \Device\Harddisk0\DR0\Partition0
09:13:05.0593 3136 \Device\Harddisk0\DR0\Partition0 - ok
09:13:05.0593 3136 Boot (0x1200) (7c30346982fc42fe47caf34a0f71cfd0) \Device\Harddisk1\DR1\Partition0
09:13:05.0593 3136 \Device\Harddisk1\DR1\Partition0 - ok
09:13:05.0593 3136 ============================================================
09:13:05.0593 3136 Scan finished
09:13:05.0593 3136 ============================================================
09:13:05.0703 1036 Detected object count: 5
09:13:05.0703 1036 Actual detected object count: 5
09:13:25.0250 1036 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0250 1036 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 FLASHSYS ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 FLASHSYS ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
