| |
| |||||||
Log-Analyse und Auswertung: MBRoot? gmer (im safety mode) und aswMBR schlagen alarmWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.12.2011, 15:53
| #1 |
 |  MBRoot? gmer (im safety mode) und aswMBR schlagen alarm Hallo, ich fang mal vorne an: vor ner weile ist mein rechner zeitweise merkwürdig langsam geworden. ein scan mit avira endete mit dem hinweis auf einen "versteckten treiber" bzw "Speicherveränderung" (keine alcohol-treiber oderso, bleibt auch nach disable mit defogger) hab dann Malwarebytes laufen lassen, was ein paar trojanerreste gefunden hat (ich glaube nicht, das die was mit dem problem zu tun hatten, kann aber auch mehr dazu berichten). rootrepeal schließlich meldete ein rootkit. gmer verhält sich etwas merkwürdig: beim ersten scan meldetet es einen rootkit-fund, seit dem nicht mehr, es sei denn ich scanne im abgesicherten modus. ich hänge mal beides ran. aswMBR meldet ebenfalls ein rootkit. OTL liefert mir keine extra.txt, nur die OTL.txt Hoffe ihr könnt mir helfen. Hier die OTL, der Rest als Anhang OTL logfile created on: 10.12.2011 14:11:04 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\***\Desktop\anti Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,69% Memory free 3,85 Gb Paging File | 3,37 Gb Available in Paging File | 87,56% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 43,60 Gb Free Space | 9,36% Space Free | Partition Type: NTFS Computer Name: SMN | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.22 12:57:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\anti\OTL.exe PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2011.03.11 15:17:30 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\ib\olycamdetect.exe PRC - [2010.04.05 23:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe PRC - [2009.07.20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.07.14 12:45:16 | 000,336,384 | ---- | M] (Portrait Displays, Inc) -- C:\Programme\Portrait Displays\HP My Display\dthtml.exe PRC - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe PRC - [2008.07.14 12:42:56 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.02.09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe PRC - [2007.02.09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe ========== Modules (No Company Name) ========== MOD - [2011.11.17 23:05:27 | 000,005,376 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll MOD - [2011.10.13 02:11:08 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll MOD - [2011.10.13 02:11:02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll MOD - [2011.10.13 02:10:46 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.10.13 02:10:17 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011.10.13 02:08:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.13 02:08:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.10.13 02:08:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.10.13 02:07:46 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.13 02:07:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.08.09 20:50:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.08.09 20:49:56 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.05.30 21:07:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3776.37421__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.05.30 21:07:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2010.05.30 21:07:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2010.05.30 21:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3776.37530__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2010.05.30 21:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3776.37527__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2010.05.30 21:07:26 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3776.37425__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l MOD - [2010.05.30 21:07:26 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3776.37478__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2010.05.30 21:07:26 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3776.37403__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.05.30 21:07:26 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3776.37494__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2010.05.30 21:07:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3776.37427__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.05.30 21:07:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.05.30 21:07:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3776.37465__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.05.30 21:07:26 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3776.37451__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l MOD - [2010.05.30 21:07:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll MOD - [2010.05.30 21:07:25 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3776.37512__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3776.37426__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3776.37426__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2010.05.30 21:07:25 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll MOD - [2010.05.30 21:07:25 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3776.37553__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010.05.30 21:07:24 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3776.37471__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3776.37472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.05.30 21:07:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.05.30 21:07:23 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3776.37525__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:23 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3776.37524__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2010.05.30 21:07:22 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3776.37455__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3776.37481__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.05.30 21:07:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3776.37416__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll MOD - [2010.05.30 21:07:22 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3776.37428__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:22 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3776.37454__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.05.30 21:07:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll MOD - [2010.05.30 21:07:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll MOD - [2010.05.30 21:07:21 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3776.37491__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3776.37467__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:21 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3776.37429__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll MOD - [2010.05.30 21:07:21 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:21 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3776.37448__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.05.30 21:07:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3776.37432__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll MOD - [2010.05.30 21:07:21 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3776.37462__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.05.30 21:07:20 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.05.30 21:07:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.05.30 21:07:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.05.30 21:07:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.05.30 21:07:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3776.37392__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.05.30 21:07:20 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3776.37509__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.05.30 21:07:20 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3776.37518__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3776.37402__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.05.30 21:07:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3776.37390__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.05.30 21:07:19 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3776.37392__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.05.30 21:07:19 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3776.37395__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.05.30 21:07:18 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3776.37395__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.05.30 21:07:18 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3776.37391__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.05.30 21:07:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.05.30 21:07:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3776.37504__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.05.30 21:07:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.05.30 21:07:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2010.05.30 21:07:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3776.37394__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3776.37420__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.05.30 21:07:18 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3776.37511__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.05.30 21:07:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.05.30 21:07:18 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3776.37401__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.05.30 21:07:18 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3776.37396__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.05.30 21:07:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3776.37444__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.05.30 21:07:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3776.37523__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2010.05.30 21:07:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.05.30 21:07:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3776.37510__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.05.30 21:07:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3776.37459__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l MOD - [2010.05.30 21:07:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3776.37425__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2010.05.30 21:07:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3776.37402__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l MOD - [2010.05.30 21:07:16 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3776.37546__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll MOD - [2010.05.30 21:07:16 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3776.37519__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.05.30 21:07:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3776.37464__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l MOD - [2010.05.30 21:07:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.05.30 21:07:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3776.37393__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.05.30 21:07:16 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.05.30 21:07:15 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3776.37505__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.05.30 21:07:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3776.37502__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.05.30 21:07:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3776.37396__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.05.30 21:07:15 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3776.37394__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.05.30 21:07:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3776.37395__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.05.30 21:07:15 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010.05.30 21:07:15 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2010.05.30 21:07:15 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3776.37419__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.05.30 21:07:15 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3776.37400__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.05.30 21:07:15 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3776.37398__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.05.30 21:07:14 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3776.37499__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.05.30 21:07:14 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3776.37420__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.05.30 21:07:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3776.37400__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.05.30 21:07:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3776.37401__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.05.30 21:07:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3776.37397__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.05.30 21:07:14 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3776.37407__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.05.30 21:07:13 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3776.37409__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.05.30 21:07:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3776.37399__90ba9c70f846762e\APM.Server.dll MOD - [2010.05.30 21:07:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3776.37398__90ba9c70f846762e\AEM.Server.dll MOD - [2010.05.30 21:07:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3776.37406__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.05.30 21:07:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.05.30 21:07:13 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3776.37504__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.05.30 21:07:13 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3776.37425__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.04.16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.07.20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.10.28 00:46:32 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2924.20913__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashbo ard.dll MOD - [2008.07.14 12:43:12 | 000,151,552 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DThook.dll MOD - [2008.07.14 12:43:06 | 000,077,824 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\CC\gui.dll MOD - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe MOD - [2008.07.14 12:42:50 | 000,102,400 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\PresetsCOM.dll MOD - [2007.10.04 12:37:40 | 000,196,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\di2c.dll MOD - [2007.02.09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe MOD - [2007.02.09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe MOD - [2007.02.09 11:16:08 | 000,245,760 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Winphook.dll MOD - [2006.03.09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll ========== Win32 Services (SafeList) ========== SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.31 04:41:36 | 000,243,712 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer) SRV - [2011.07.31 03:27:36 | 001,037,824 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\GSService.exe -- (GSService) SRV - [2010.04.05 23:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.28 22:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2008.10.28 22:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2008.10.28 22:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service) SRV - [2008.10.02 17:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.01 05:13:24 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio) DRV - [2011.02.22 01:00:52 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2011.02.22 01:00:39 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.02.22 01:00:39 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2011.02.16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2010.08.25 18:39:02 | 000,013,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\prwntdrv.sys -- (prwntdrv) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.07 03:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.10.29 22:33:02 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi) DRV - [2008.10.28 22:01:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci) DRV - [2008.10.28 22:01:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2008.10.28 22:01:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd) DRV - [2008.10.28 22:01:30 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86) DRV - [2008.10.28 22:01:28 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon) DRV - [2008.10.28 22:01:20 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport) DRV - [2008.10.28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2008.10.28 16:03:28 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2008.10.02 17:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.08.06 14:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2) DRV - [2007.07.17 17:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.06.24 20:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.05.10 11:28:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.04.14 09:28:00 | 000,094,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.04.03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) DRV - [2007.04.03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex) DRV - [2007.04.03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) DRV - [2007.04.03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) DRV - [2007.04.03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007.04.03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007.04.03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007.02.09 11:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot) DRV - [2007.02.09 11:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou) DRV - [2006.12.28 04:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2006.11.16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.03.02 17:24:30 | 000,133,504 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AF05BDA.sys -- (AF05BDA) DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl) DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl) DRV - [2001.08.17 13:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21 FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.13 15:28:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.05 09:50:39 | 000,000,000 | ---D | M] [2010.04.17 07:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2011.11.10 15:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions [2011.05.16 00:17:37 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2011.11.10 15:22:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.08 18:51:12 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\quickdrag@mozilla.ktechcomputing.com [2010.03.05 13:35:25 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\bing.xml [2009.02.11 00:49:44 | 000,002,298 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\lastfm.xml [2008.10.29 18:08:15 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\leo-deu-eng.xml [2011.07.18 21:46:39 | 000,001,729 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\linguee-de-en.xml [2011.01.23 23:36:02 | 000,008,037 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\mobygames.xml [2011.11.10 14:22:30 | 000,001,242 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\plattentestsde-all.xml [2008.10.30 15:57:18 | 000,002,006 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\urban-dictionary.xml [2008.10.29 18:08:43 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\wikipedia-en.xml [2009.01.07 21:56:44 | 000,001,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\wiktionary-de.xml [2008.10.29 21:04:22 | 000,002,108 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\youtube-video-search.xml [2011.11.17 00:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.22 21:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.27 06:45:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.17 00:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{C6FB3A99-0BF0-4AB3-9B5B-9FE631D6CDE3}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\TILEVIEW@DW-DEV.XPI [2011.08.31 12:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.10.13 15:28:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.13 15:28:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.13 15:28:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.13 15:28:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.13 15:28:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.13 15:28:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.13 15:28:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.16 14:13:10 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MDS_Menu] C:\Programme\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Olympus ib] C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [PivotSoftware] C:\Programme\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [AeroSnap] C:\Programme\AeroSnap\AeroSnap.exe File not found O4 - HKCU..\Run: [Olympus ib] C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\MelodyCan\YouTubeRipper.dll () O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\MelodyCan\YouTubeRipper.dll () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225197402253 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225197551362 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll () O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.28 00:06:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "VMware NAT Service" MsConfig - Services: "VMnetDHCP" MsConfig - Services: "VMAuthdService" MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: CamserviceDeluxe2 - hkey= - key= - C:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.) MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.22 15:36:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\anti [2011.11.20 15:03:03 | 000,472,064 | ---- | C] ( ) -- C:\Programme\RootRepeal.exe [2011.11.20 11:47:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2011.11.20 11:47:00 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.11.20 11:47:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2011.11.18 12:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2011.11.18 12:45:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager [2011.11.18 12:45:55 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2011.11.17 22:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2011.11.17 22:10:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.11.17 22:10:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.17 22:10:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.11.17 19:47:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\backups - abgleichen [2011.11.17 00:36:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.11.15 19:04:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Videos [2009.09.20 23:07:41 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2009.09.20 23:07:41 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2009.03.10 13:10:08 | 000,012,048 | ---- | C] (Microsoft Corporation) -- C:\Programme\cpugrab.exe [2009.02.12 13:49:14 | 000,237,568 | ---- | C] (Derrow/Decision Development) -- C:\Programme\VobEdit.exe [2009.02.12 06:10:03 | 001,208,320 | ---- | C] (Derrow/Decision Development) -- C:\Programme\IfoEdit.exe [82 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [77 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.10 13:41:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.10 13:41:12 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys [2011.12.09 13:09:21 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2011.12.09 13:00:10 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.01 17:42:16 | 000,120,320 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.22 15:37:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2011.11.22 12:23:36 | 000,000,555 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit RootRepeal.exe.lnk [2011.11.22 12:23:30 | 000,000,545 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit quph0wdv.exe.lnk [2011.11.20 16:16:37 | 000,302,592 | ---- | M] () -- C:\Programme\quph0wdv.exe [2011.11.20 15:03:13 | 000,000,000 | ---- | M] () -- C:\Programme\settings.dat [2011.11.20 11:47:05 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Spybot - Search & Destroy.lnk [2011.11.18 14:42:38 | 000,010,498 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_17.11.2011_06-22drv.spi [2011.11.18 01:00:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.11.17 23:05:27 | 000,005,376 | ---- | M] () -- C:\WINDOWS\System32\antiwpa.dll [2011.11.17 22:10:38 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.17 19:56:18 | 000,000,215 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss [2011.11.17 19:55:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [82 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [77 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.10 13:41:12 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys [2011.11.22 15:37:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2011.11.22 12:23:36 | 000,000,555 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit RootRepeal.exe.lnk [2011.11.22 12:23:30 | 000,000,545 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit quph0wdv.exe.lnk [2011.11.20 16:51:35 | 000,302,592 | ---- | C] () -- C:\Programme\quph0wdv.exe [2011.11.20 15:03:13 | 000,000,000 | ---- | C] () -- C:\Programme\settings.dat [2011.11.20 11:47:05 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Spybot - Search & Destroy.lnk [2011.11.18 13:36:23 | 000,010,498 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_17.11.2011_06-22drv.spi [2011.11.17 23:05:27 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll [2011.11.17 22:10:38 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.17 19:25:54 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe [2011.09.04 02:15:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2011.09.04 02:15:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2011.08.09 19:16:10 | 001,037,824 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe [2011.05.27 14:30:44 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Checksum.ini [2011.05.24 13:53:30 | 000,098,696 | ---- | C] () -- C:\WINDOWS\System32\setupprwdrv03.exe [2011.05.24 13:53:30 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys [2011.05.03 16:09:22 | 000,029,346 | ---- | C] () -- C:\WINDOWS\scunin.dat [2011.04.09 18:00:43 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2011.02.20 21:02:27 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys [2011.02.20 21:02:26 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys [2011.02.16 07:55:08 | 000,015,838 | ---- | C] () -- C:\WINDOWS\System32\win32wnd09.dll [2011.02.16 07:55:08 | 000,010,118 | ---- | C] () -- C:\WINDOWS\System32\cfgjvjpu09.dll [2010.06.01 21:44:11 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys [2010.06.01 21:33:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010.06.01 21:33:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010.06.01 21:33:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010.05.13 13:18:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010.05.13 13:18:34 | 000,202,234 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010.05.13 13:18:34 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.03.10 19:04:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\downloads.m3u [2009.12.08 10:06:55 | 002,828,156 | ---- | C] () -- C:\Programme\u [2009.12.03 16:51:28 | 000,000,020 | ---- | C] () -- C:\WINDOWS\entpack.ini [2009.09.24 16:53:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2009.09.20 23:07:41 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2009.09.20 23:06:51 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe [2009.08.20 11:54:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.07.09 07:51:40 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\setup_ldm.iss [2009.05.05 18:50:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini [2009.03.30 09:08:17 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll [2009.03.10 02:52:01 | 000,143,872 | R--- | C] () -- C:\Programme\SlowDown.exe [2009.03.07 14:32:01 | 000,000,215 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss [2009.02.12 13:54:31 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI [2009.02.12 06:09:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2009.02.12 05:31:29 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009.02.03 00:21:16 | 000,313,344 | ---- | C] () -- C:\Programme\hjsplit.exe [2009.01.23 15:50:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009.01.05 21:01:16 | 1150,156,800 | ---- | C] () -- C:\Programme\msoffice_2007_se_frost-rl.iso [2008.11.18 00:19:21 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008.11.18 00:19:19 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2008.11.18 00:19:19 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.11.18 00:19:19 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008.11.18 00:19:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.11.13 20:59:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2008.11.12 16:37:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008.11.12 16:36:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008.11.04 23:25:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll [2008.11.04 23:24:43 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2008.10.29 21:22:44 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2008.10.28 14:46:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.10.28 14:46:03 | 000,120,320 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.28 13:34:29 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008.10.28 13:33:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.10.28 00:57:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.10.28 00:56:10 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.10.28 00:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2008.10.28 00:35:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.10.28 00:12:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.10.28 00:04:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.08.21 10:51:16 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2007.08.21 08:36:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2001.10.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.10.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.10.02 14:00:00 | 000,455,018 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.10.02 14:00:00 | 000,438,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.10.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.10.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.10.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.10.02 14:00:00 | 000,082,740 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.10.02 14:00:00 | 000,069,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.10.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.10.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.10.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.10.02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001.10.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.10.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001.10.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2009.01.19 21:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy [2011.09.01 22:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010.09.16 14:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure [2011.03.02 11:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG [2008.12.04 22:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2011.11.18 12:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2009.01.09 01:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2011.05.25 20:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.02.22 01:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft [2010.02.27 01:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AeroSnapApp [2011.02.16 00:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AtomZombieDemoData [2009.10.23 15:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bioshock [2011.03.02 18:33:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Braid [2008.10.28 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Broken Sword 2.5 [2011.05.25 13:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ChemAxon [2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools [2011.09.01 23:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite [2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Pro [2010.06.01 21:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DisplayTune [2011.08.09 20:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft [2011.08.09 20:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.08.05 12:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\foobar2000 [2011.08.06 01:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Free Download Manager [2011.06.14 19:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro [2010.11.25 16:52:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2011.06.14 23:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hensense.com [2011.03.23 20:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ [2008.11.05 00:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite [2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IsolatedStorage [2008.10.28 01:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2011.04.11 07:57:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MusicBee [2009.04.22 10:38:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer [2011.06.14 23:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit [2011.06.14 19:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ProgSense [2011.05.24 16:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\R-TT [2011.04.01 12:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM [2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symyx [2009.01.09 01:59:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca [2011.08.05 01:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VMLoad ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.01.12 23:53:01 | 000,000,000 | ---D | M] -- C:\alter kram [2010.05.13 14:06:10 | 000,000,000 | ---D | M] -- C:\ATI [2011.10.14 11:52:05 | 000,000,000 | ---D | M] -- C:\backups [2011.11.17 00:36:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2008.10.28 00:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.11.18 15:41:55 | 000,000,000 | R--D | M] -- C:\downloads [2011.11.04 20:57:21 | 000,000,000 | R--D | M] -- C:\Filme [2011.11.03 17:47:36 | 000,000,000 | R--D | M] -- C:\Fotos [2010.08.30 22:44:53 | 000,000,000 | ---D | M] -- C:\*** [2009.01.05 21:13:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.11.08 07:04:03 | 000,000,000 | R--D | M] -- C:\Musik [2011.08.31 18:30:38 | 000,000,000 | ---D | M] -- C:\Musik 2 [2009.01.23 15:50:54 | 000,000,000 | ---D | M] -- C:\Program Files [2011.11.20 16:51:35 | 000,000,000 | R--D | M] -- C:\Programme [2008.10.28 13:50:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.10.20 20:52:12 | 000,000,000 | ---D | M] -- C:\spiele [2011.06.01 21:17:11 | 000,000,000 | ---D | M] -- C:\Stick [2008.10.28 13:17:29 | 000,000,000 | ---D | M] -- C:\Swsetup [2011.11.22 15:53:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.04.19 10:30:09 | 000,000,000 | ---D | M] -- C:\Temp [2010.10.13 12:40:41 | 000,000,000 | ---D | M] -- C:\UNI [2011.06.07 21:12:14 | 000,000,000 | ---D | M] -- C:\w a [2011.11.18 22:07:13 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [1998.04.08 16:20:34 | 000,012,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\cpugrab.exe [2007.02.01 18:02:54 | 000,313,344 | ---- | M] () -- C:\Programme\hjsplit.exe [2004.11.28 20:33:44 | 001,208,320 | ---- | M] (Derrow/Decision Development) -- C:\Programme\IfoEdit.exe [2011.11.20 16:16:37 | 000,302,592 | ---- | M] () -- C:\Programme\quph0wdv.exe [2009.08.13 11:14:17 | 000,472,064 | ---- | M] ( ) -- C:\Programme\RootRepeal.exe [1997.10.16 15:25:20 | 000,143,872 | R--- | M] () -- C:\Programme\SlowDown.exe [2002.11.06 20:42:38 | 000,237,568 | ---- | M] (Derrow/Decision Development) -- C:\Programme\VobEdit.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2001.10.02 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: REGEDIT.EXE > [2001.10.02 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2001.10.02 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2001.10.02 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 15:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-13 21:55:40 ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 @Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA < End of report > |
| Themen zu MBRoot? gmer (im safety mode) und aswMBR schlagen alarm |
| 0x00000001, adobe, alternate, antivir, aswmbr, avg, avira, bho, branding, c:\windows\system32\rundll32.exe, converter, desktop, einstellungen, error, explorer, firefox, format, free download, langsam, logfile, mbamservice.exe, microsoft, mp3, olympus, opera, plug-in, problem, realtek, registry, required, rundll, scan, security, software, win32k.sys, winlogon.exe |
Baum-Darstellung