BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3

solidplanet · 20.03.2012, 20:58

Beim surfen habe ich mir diese lästige Malware (?) eingefangen.
Naja, nichts desto trotz, folgende Symptome:
Vollständiger Bildschirm mit der "BKA - National Cyber Crime Unite" Meldung und Geld-Überweisungs-Aufforderung.
Taskmanager war auch deaktivert, habe ich wieder hergestellt. Ansonst, sobald das Fenster aufgeht, kann ich keine Bedienung mehr vornehmen, alles verschwindet im Hintergrund.
win XP, SP3, x86

" Malwarebytes Anti-Malware " bereits einmal vollständig (Administrator-Acc) und direkt nach dem Neustart noch einmal per "Quickscan" (Benutzer-Admin-Acc) ausgeführt.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.07

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Administrator :: DIDDI [Administrator]

20.03.2012 19:19:30
mbam-log-2012-03-20 (19-19-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284585
Laufzeit: 52 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|7906 (Spyware.Zeus) -> Daten: C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmnax.com -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\All Users\Local Settings\Temp\msdubmnax.com (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
*** :: DIDDI [administrator]

20.03.2012 20:19:13
mbam-log-2012-03-20 (20-19-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206368
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Gescannt und mit selbigem Tool die jeweils gefundenen Baustellen bereinigt.
danach habe ich auch schon mit OTL gescannt, entsprechende Logs:

OTL Logfile:

Code:

ATTFilter

 OTL logfile created on: 20.03.2012 20:42:05 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 364,08 Mb Available Physical Memory | 71,18% Memory free
1,22 Gb Paging File | 1,15 Gb Available in Paging File | 94,21% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 25,21 Gb Free Space | 45,12% Space Free | Partition Type: NTFS
 
Computer Name: DIDDI | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 20:20:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.14 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011.08.30 20:54:18 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\server\Apache2\bin\httpd.exe -- (Apache2.2)
SRV - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) [Auto | Stopped] -- C:\Programme\Iomega Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2011.07.13 20:57:18 | 008,155,648 | ---- | M] () [Auto | Stopped] -- C:\server\mysql\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.04.14 07:53:02 | 000,073,796 | ---- | M] (Smart Link) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.12.22 21:24:20 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.09.08 18:56:24 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.09.08 18:56:24 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.08.06 02:14:36 | 000,017,488 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vNICdrv.sys -- (vNICdrv)
DRV - [2009.02.25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.13 23:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2008.04.13 23:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2008.04.13 23:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2008.04.13 23:53:44 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2008.04.13 23:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2008.04.13 23:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2008.04.13 23:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003.06.16 10:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003.04.30 15:59:40 | 000,259,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL B/G)
DRV - [2003.04.16 07:04:46 | 000,151,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) Realtek RTL8180 Wireless LAN (Mini-)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {3719E125-EA2F-4967-89A7-7FFC964A42E6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}: "URL" = hxxp://www.google.de/#hl=de&xhr=t&q={searchTerms}&cp=4&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g5&aql=&oq={searchTerms}&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=4fc01e6c7e157942&biw=792&bih=439
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.08 09:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.08.02 17:59:43 | 000,000,000 | ---D | M]
 
[2011.12.08 09:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RtlWake.lnk = C:\Programme\Realtek\Rtl8180\FRtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: NameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.22 10:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell - "" = AutoRun
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "SCardSvr"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "idsvc"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 20:18:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.03.20 19:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.20 19:17:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.15 22:55:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.03.15 21:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.03.14 23:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\kodak
[2012.03.14 23:53:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings
[2012.02.21 21:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intelli-studio
[2012.02.21 21:09:24 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2011.11.13 10:29:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpeA.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 20:17:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.20 20:16:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.20 19:17:32 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 23:08:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.03.15 23:05:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.03.15 23:01:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.15 22:55:08 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.15 22:48:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.15 00:29:44 | 000,521,644 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.15 00:29:44 | 000,497,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.15 00:29:44 | 000,102,980 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.15 00:29:44 | 000,085,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.14 23:52:39 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 19:17:32 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.16 22:22:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.04 10:43:22 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011.11.21 21:21:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.11.12 14:20:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.11.12 13:26:51 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2011.08.10 20:57:47 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.08 19:09:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2011.08.01 19:03:27 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\AdvCfgRes.dll
[2011.08.01 19:03:27 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\CfgResDll.dll
[2011.08.01 19:03:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\WakeResDll.dll
[2011.08.01 19:03:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\XpCfgRes.dll
[2011.08.01 19:03:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\oemdel.exe
[2011.08.01 19:03:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\killpro.exe
[2011.07.31 13:08:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2011.07.29 12:45:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.07.23 20:23:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.07.23 20:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\atiiprxx.exe
[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.07.23 20:22:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.07.23 20:22:22 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.07.23 20:22:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2011.07.23 20:22:13 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2011.07.22 13:47:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.22 11:16:13 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.07.22 11:14:38 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.22 10:36:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.07.22 10:27:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
 
========== LOP Check ==========
 
[2011.11.13 10:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.12.22 21:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.09.17 19:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.08.02 18:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\B+P Heyer
[2011.12.22 21:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2011.08.01 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software
[2011.08.09 13:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GHISLER
[2011.08.09 19:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant
[2012.02.04 08:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL
[2011.09.17 20:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2012.03.14 23:52:39 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.12 12:38:32 | 000,000,000 | ---D | M] -- C:\71439a01b4cc00583019
[2011.11.12 14:10:48 | 000,000,000 | ---D | M] -- C:\ATI
[2011.11.12 13:43:42 | 000,000,000 | ---D | M] -- C:\directx
[2012.03.15 00:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.08.11 13:12:45 | 000,000,000 | ---D | M] -- C:\dvd
[2011.08.09 20:22:28 | 000,000,000 | ---D | M] -- C:\Medion
[2012.03.20 19:17:30 | 000,000,000 | R--D | M] -- C:\Programme
[2012.03.15 22:57:41 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.01.20 19:22:31 | 000,000,000 | ---D | M] -- C:\serie
[2011.09.22 20:33:29 | 000,000,000 | --SD | M] -- C:\server
[2011.09.22 20:35:22 | 000,000,000 | ---D | M] -- C:\site
[2011.07.22 13:52:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.09 13:26:14 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.03.15 23:07:43 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.07.22 12:13:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.07.22 12:13:56 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.07.22 12:13:55 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.03.19 20:35:13 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2012.03.20 20:44:23 | 000,724,992 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT.LOG
[2012.03.19 20:35:14 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.02.03 10:57:08 | 001,860,224 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

OTL Extra:

Code:

ATTFilter

OTL Extras logfile created on: 20.03.2012 20:42:05 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 364,08 Mb Available Physical Memory | 71,18% Memory free
1,22 Gb Paging File | 1,15 Gb Available in Paging File | 94,21% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 25,21 Gb Free Space | 45,12% Space Free | Partition Type: NTFS
 
Computer Name: DIDDI | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0355CF40-97AF-9CDD-7282-BF151AEE724B}" = ccc-core-static
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{090C73E1-BB48-403D-9DFF-A60FD71FF73A}" = MySQL Connector J
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{2306AB02-DE01-1366-BCFF-41D1197CF42E}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E203CAF-230D-5275-C15B-517273593359}" = Catalyst Control Center Core Implementation
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65EAB391-4B36-59AA-0336-D0C4BEB6CD2F}" = CCC Help English
"{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2
"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.20
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{953F4AF6-25A4-2419-0A5D-FCA262FEF85E}" = Catalyst Control Center Graphics Full New
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9A129AB-CA6B-4CD1-B55C-792722E2B947}" = MySQL Installer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C583CEE0-56CD-4545-9BA9-9042EE1FC9E0}" = Realtek RTL8180 Wireless LAN (Mini-)PCI Driver & Utility
"{C59C4A56-8560-4E3B-AA5D-BDCED4F110E7}" = MySQL Documents
"{C6A83D5C-636B-83F9-CEA4-9E2A31C4F509}" = ccc-core-preinstall
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DCB7474F-F85C-2196-700A-C69692895D00}" = Catalyst Control Center Graphics Full Existing
"{E392F35A-A82B-4DA8-91AF-4B90FE404025}" = Heyer's Sudoku-Generator 1
"{E3ABB4CC-1DC5-4430-BC49-D86AB708A9B8}" = MySQL Workbench 5.2 CE
"{E929D860-AB8D-4AC0-8B7F-8DB5D65E46D0}" = MySQL Server 5.5
"{EA5D652F-EC02-D5E8-6887-CE9EE1C9846F}" = Skins
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F53503A3-41B3-4327-A5C0-B058AB72B90D}" = MySQL Examples and Samples 5.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E77C7-846D-73D9-7B33-0AF6A5F5FD1B}" = Catalyst Control Center Graphics Light
"{FD753E57-1F44-41E6-B962-E01D76676206}" = MySQL Connector C++ 1.1.0
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"Assistant" = Assistant 5.05.010
"ATI Display Driver" = ATI Display Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"Foxit Reader_is1" = Foxit Reader 5.0
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"ie8" = Windows Internet Explorer 8
"Iomega Storage Manager" = Iomega Storage Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MultiRes (remove only)" = MultiRes (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Notepad++" = Notepad++
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"Totalcmd" = Total Commander (Remove or Repair)
"Update Engine" = Sony Ericsson Update Engine
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 17:04:42 | Computer Name = DIDDI | Source = MySQL | ID = 100
Description = Can't find messagefile 'C:\WINDOWS\system32\ erver\mysql\MySQL Server
 5.5\share\errmsg.sys'    For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 15.03.2012 17:04:46 | Computer Name = DIDDI | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 15.03.2012 17:46:07 | Computer Name = DIDDI | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> [Thu Mar
 15 22:46:07 2012] [warn] The Alias directive in C:/server/Apache2/conf/extra/httpd-autoindex.conf
 at line 20 will probably never match because it overlaps an earlier Alias.     
.
 
Error - 15.03.2012 17:46:07 | Computer Name = DIDDI | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
 for ServerName     .
 
Error - 15.03.2012 17:46:12 | Computer Name = DIDDI | Source = MySQL | ID = 100
Description = Can't find messagefile 'C:\WINDOWS\system32\ erver\mysql\MySQL Server
 5.5\share\errmsg.sys'    For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 15.03.2012 17:46:16 | Computer Name = DIDDI | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 15.03.2012 18:08:18 | Computer Name = DIDDI | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> [Thu Mar
 15 23:08:18 2012] [warn] The Alias directive in C:/server/Apache2/conf/extra/httpd-autoindex.conf
 at line 20 will probably never match because it overlaps an earlier Alias.     
.
 
Error - 15.03.2012 18:08:18 | Computer Name = DIDDI | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
 for ServerName     .
 
Error - 15.03.2012 18:08:23 | Computer Name = DIDDI | Source = MySQL | ID = 100
Description = Can't find messagefile 'C:\WINDOWS\system32\ erver\mysql\MySQL Server
 5.5\share\errmsg.sys'    For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 15.03.2012 18:08:30 | Computer Name = DIDDI | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.


 
[ System Events ]
Error - 20.03.2012 15:34:23 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:32 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:32 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:32 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:33 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:33 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >

bestimmt könnt ihr mir helfen

cosinus · 21.03.2012, 17:38

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

solidplanet · 21.03.2012, 22:19

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca47c898e61cbf4d84fbe85d9bf54754
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 09:08:36
# local_time=2012-03-21 10:08:36 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 3804 3804 0 0
# scanned=79756
# found=3
# cleaned=0
# scan_time=5017
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44\2924cbac-34ef80fe	a variant of Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\xs0nfffy.default\Cache\7\26\91DC9d01	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\xs0nfffy.default\Cache\F\B8\FB5C7d01	JS/Kryptik.JN trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 22.03.2012, 12:15

Funktioniert der normale Modus eigentlich mittlerweile?

solidplanet · 22.03.2012, 12:40

Jepp, ging bereits nach der Entfernung mittels Malwarebytes Anti-Malware

cosinus · 22.03.2012, 13:04

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

solidplanet · 22.03.2012, 18:32

So, hier nun der OTL Log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.03.2012 18:17:12 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 263,25 Mb Available Physical Memory | 51,47% Memory free
1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 25,55 Gb Free Space | 45,72% Space Free | Partition Type: NTFS
 
Computer Name: DIDDI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 20:20:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.08.30 20:54:18 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\server\Apache2\bin\httpd.exe
PRC - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) -- C:\Programme\Iomega Storage Manager\pCloudd.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 07:53:02 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003.03.06 12:07:10 | 000,716,800 | ---- | M] () -- C:\Programme\Realtek\Rtl8180\RtlWake.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.21 21:06:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012.02.21 21:03:56 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012.02.17 17:58:13 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.17 17:58:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012.02.17 17:57:42 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012.02.17 17:55:33 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012.02.17 17:52:01 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.11.12 15:08:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011.11.12 14:32:08 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:08 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3343.28200__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:08 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3343.28213__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:07 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3343.28338__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:07 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3343.28315__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:07 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3343.28309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:07 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3343.28213__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:07 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3343.28281__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:07 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:06 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3343.28242__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:06 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3343.28339__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:06 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3343.28242__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:05 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:05 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3343.28289__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:03 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3343.28265__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:03 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3343.28301__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:02 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3343.28215__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:02 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:02 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:02 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:01 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3343.28310__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:01 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:01 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011.11.12 14:32:01 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3343.28237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011.11.12 14:32:01 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3343.28236__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3343.28279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.11.12 14:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.11.12 14:32:00 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.11.12 14:31:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.11.12 14:31:58 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.11.12 14:31:58 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.11.12 14:31:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.11.12 14:31:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.11.12 14:31:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.11.12 14:31:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.11.12 14:31:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2011.11.12 14:31:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2011.11.12 14:31:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.11.12 14:31:56 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.11.12 14:31:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.11.12 14:31:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
MOD - [2011.11.12 14:31:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.11.12 14:31:54 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3343.28368__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.11.12 14:31:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3343.28347__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.11.12 14:31:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011.11.12 14:31:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.11.12 14:31:54 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.11.12 14:31:54 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3343.28197__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.11.12 14:31:53 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3343.28321__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.11.12 14:31:53 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.11.12 14:31:53 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.11.12 14:31:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.11.12 14:31:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.11.12 14:31:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.11.12 14:31:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.11.12 14:31:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.11.12 14:31:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.11.12 14:31:53 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.11.12 14:31:52 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3343.28198__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.11.12 14:31:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.11.12 14:31:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.11.12 14:31:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.11.12 14:31:51 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3343.28207__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.11.12 14:31:51 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3343.28199__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011.11.12 14:31:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3343.28198__90ba9c70f846762e\APM.Server.dll
MOD - [2011.11.12 14:31:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3343.28197__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.11.12 14:31:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.11.12 14:31:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.11.12 14:31:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.11.12 14:31:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.11.12 14:24:38 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.07.22 13:42:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.07.22 13:41:52 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2003.03.06 12:07:10 | 000,716,800 | ---- | M] () -- C:\Programme\Realtek\Rtl8180\RtlWake.exe
MOD - [2003.01.13 19:17:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\WakeResDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011.08.30 20:54:18 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\server\Apache2\bin\httpd.exe -- (Apache2.2)
SRV - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Programme\Iomega Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2011.07.13 20:57:18 | 008,155,648 | ---- | M] () [Auto | Stopped] -- C:\server\mysql\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.04.14 07:53:02 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.12.22 21:24:20 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.09.08 18:56:24 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.09.08 18:56:24 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.08.06 02:14:36 | 000,017,488 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vNICdrv.sys -- (vNICdrv)
DRV - [2009.02.25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.13 23:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2008.04.13 23:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2008.04.13 23:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2008.04.13 23:53:44 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2008.04.13 23:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2008.04.13 23:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2008.04.13 23:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003.06.16 10:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003.04.30 15:59:40 | 000,259,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL B/G)
DRV - [2003.04.16 07:04:46 | 000,151,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) Realtek RTL8180 Wireless LAN (Mini-)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes,DefaultScope = {3719E125-EA2F-4967-89A7-7FFC964A42E6}
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}: "URL" = hxxp://www.google.de/#hl=de&xhr=t&q={searchTerms}&cp=4&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g5&aql=&oq={searchTerms}&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=4fc01e6c7e157942&biw=792&bih=439
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.08 09:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.08.02 17:59:43 | 000,000,000 | ---D | M]
 
[2011.12.08 09:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RtlWake.lnk = C:\Programme\Realtek\Rtl8180\FRtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: NameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.22 10:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell - "" = AutoRun
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "SCardSvr"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "idsvc"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\nuvision.ax (Zoran Ltd.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.21 20:41:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.20 20:18:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.03.20 19:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.20 19:17:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.15 22:55:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.03.15 21:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.03.14 23:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\kodak
[2012.03.14 23:53:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings
[2012.02.21 21:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intelli-studio
[2012.02.21 21:09:24 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2011.11.13 10:29:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpeA.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 18:18:27 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job
[2012.03.22 18:16:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.22 18:14:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.22 00:44:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.20 19:17:32 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 23:08:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.03.15 23:05:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.03.15 22:55:08 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.15 22:48:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.15 00:29:44 | 000,521,644 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.15 00:29:44 | 000,497,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.15 00:29:44 | 000,102,980 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.15 00:29:44 | 000,085,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 19:17:32 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.16 22:22:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.04 10:43:22 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011.11.21 21:21:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.11.12 14:20:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.11.12 13:26:51 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2011.08.10 20:57:47 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.08 19:09:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2011.08.01 19:03:27 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\AdvCfgRes.dll
[2011.08.01 19:03:27 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\CfgResDll.dll
[2011.08.01 19:03:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\WakeResDll.dll
[2011.08.01 19:03:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\XpCfgRes.dll
[2011.08.01 19:03:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\oemdel.exe
[2011.08.01 19:03:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\killpro.exe
[2011.07.31 13:08:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2011.07.29 12:45:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.07.23 20:23:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.07.23 20:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\atiiprxx.exe
[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.07.23 20:22:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.07.23 20:22:22 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.07.23 20:22:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2011.07.23 20:22:13 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2011.07.22 13:47:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.22 11:16:13 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.07.22 11:14:38 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.22 10:36:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.07.22 10:27:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
 
========== LOP Check ==========
 
[2011.11.13 10:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.12.22 21:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.09.17 19:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.08.02 18:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\B+P Heyer
[2011.12.22 21:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2011.08.01 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software
[2011.08.09 13:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GHISLER
[2011.08.09 19:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant
[2012.02.04 08:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL
[2011.09.17 20:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2012.03.22 18:18:27 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.22 16:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2011.11.12 14:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI
[2011.08.02 18:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\B+P Heyer
[2011.12.22 21:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2011.12.22 21:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss
[2011.08.01 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software
[2011.08.09 13:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GHISLER
[2011.08.09 19:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant
[2011.07.22 10:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2012.02.21 21:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intelli-studio
[2012.03.14 23:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\kodak
[2012.02.04 08:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.07.22 10:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2012.03.20 20:18:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.08.09 21:04:47 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2011.12.08 09:31:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL
[2011.09.17 20:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2012.03.15 23:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2011.07.22 13:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2011.12.21 18:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2011.08.09 13:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.08.09 20:12:57 | 000,046,080 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant\Library\E883F460-FD1C-47BD-B0DC-D7BBF8DD9A8D\AutoRunCE.exe
[2011.08.09 20:12:57 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant\Library\E883F460-FD1C-47BD-B0DC-D7BBF8DD9A8D\0\module.exe
[2011.08.09 20:13:05 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant\Library\E883F460-FD1C-47BD-B0DC-D7BBF8DD9A8D\1\module.exe
[2012.02.04 08:16:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
[2011.09.17 18:59:30 | 000,287,934 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{B9A129AB-CA6B-4CD1-B55C-792722E2B947}\InstallerIcon.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.07.22 12:13:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.07.22 12:13:56 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.07.22 12:13:55 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

[/code]

ich hatte noch keine Zeit drüber zu schauen, ist das System erst einmal bereinigt?

cosinus · 23.03.2012, 20:52

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes,DefaultScope = {3719E125-EA2F-4967-89A7-7FFC964A42E6}
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}: "URL" = http://www.google.de/#hl=de&xhr=t&q={searchTerms}&cp=4&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g5&aql=&oq={searchTerms}&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=4fc01e6c7e157942&biw=792&bih=439
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.22 10:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell - "" = AutoRun
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun\command - "" = G:\iStudio.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

solidplanet · 26.03.2012, 15:00

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3719E125-EA2F-4967-89A7-7FFC964A42E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.
File G:\iStudio.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 18657227 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***
->Temp folder emptied: 270710124 bytes
->Temporary Internet Files folder emptied: 678880961 bytes
->Java cache emptied: 75576 bytes
->FireFox cache emptied: 194293619 bytes
->Flash cache emptied: 4630 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 469415 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.112,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03262012_154713

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 26.03.2012, 18:20

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

solidplanet · 26.03.2012, 21:07

also, das tool hat noch einiges gefunden, aber von den 5 kann ich ja schon 4 ausschließen, was das andere ist, weiß ich momentan noch nicht

Code:

ATTFilter

22:01:05.0479 1828	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:01:05.0639 1828	============================================================
22:01:05.0639 1828	Current date / time: 2012/03/26 22:01:05.0639
22:01:05.0639 1828	SystemInfo:
22:01:05.0639 1828	
22:01:05.0639 1828	OS Version: 5.1.2600 ServicePack: 3.0
22:01:05.0639 1828	Product type: Workstation
22:01:05.0639 1828	ComputerName: DIDDI
22:01:05.0639 1828	UserName: ***
22:01:05.0639 1828	Windows directory: C:\WINDOWS
22:01:05.0639 1828	System windows directory: C:\WINDOWS
22:01:05.0639 1828	Processor architecture: Intel x86
22:01:05.0639 1828	Number of processors: 1
22:01:05.0639 1828	Page size: 0x1000
22:01:05.0639 1828	Boot type: Normal boot
22:01:05.0639 1828	============================================================
22:01:08.0793 1828	Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:01:08.0823 1828	\Device\Harddisk0\DR0:
22:01:08.0823 1828	MBR used
22:01:08.0823 1828	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
22:01:08.0863 1828	Initialize success
22:01:08.0863 1828	============================================================
22:01:27.0670 1836	============================================================
22:01:27.0670 1836	Scan started
22:01:27.0670 1836	Mode: Manual; SigCheck; TDLFS; 
22:01:27.0670 1836	============================================================
22:01:28.0141 1836	Abiosdsk - ok
22:01:28.0251 1836	abp480n5 - ok
22:01:28.0341 1836	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:01:31.0546 1836	ACPI - ok
22:01:31.0806 1836	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:01:32.0067 1836	ACPIEC - ok
22:01:32.0277 1836	adpu160m - ok
22:01:32.0718 1836	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:01:33.0018 1836	aec - ok
22:01:33.0289 1836	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:01:33.0369 1836	AFD - ok
22:01:33.0689 1836	Aha154x - ok
22:01:33.0799 1836	aic78u2 - ok
22:01:33.0829 1836	aic78xx - ok
22:01:33.0899 1836	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
22:01:34.0170 1836	Alerter - ok
22:01:34.0340 1836	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
22:01:34.0420 1836	ALG - ok
22:01:34.0630 1836	AliIde - ok
22:01:34.0781 1836	AmdK7           (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys
22:01:35.0051 1836	AmdK7 - ok
22:01:35.0221 1836	amsint - ok
22:01:35.0311 1836	Apache2.2       (fcd4f674b0091b6b6d18420df5342941) C:\server\Apache2\bin\httpd.exe
22:01:35.0331 1836	Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
22:01:35.0331 1836	Apache2.2 - detected UnsignedFile.Multi.Generic (1)
22:01:35.0612 1836	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
22:01:35.0722 1836	AppMgmt - ok
22:01:35.0972 1836	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:01:36.0253 1836	Arp1394 - ok
22:01:36.0543 1836	asc - ok
22:01:36.0754 1836	asc3350p - ok
22:01:36.0974 1836	asc3550 - ok
22:01:37.0194 1836	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:01:37.0244 1836	aspnet_state - ok
22:01:37.0575 1836	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:01:37.0845 1836	AsyncMac - ok
22:01:38.0115 1836	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:01:38.0356 1836	atapi - ok
22:01:38.0586 1836	Atdisk - ok
22:01:38.0736 1836	Ati HotKey Poller (2a27a3a8634fb9e29f539d6d3ed3646a) C:\WINDOWS\system32\Ati2evxx.exe
22:01:38.0897 1836	Ati HotKey Poller - ok
22:01:39.0187 1836	ATI Smart       (72810c6a63076a480abce0e0ba0bc981) C:\WINDOWS\system32\ati2sgag.exe
22:01:39.0297 1836	ATI Smart ( UnsignedFile.Multi.Generic ) - warning
22:01:39.0297 1836	ATI Smart - detected UnsignedFile.Multi.Generic (1)
22:01:40.0048 1836	ati2mtag        (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:01:40.0569 1836	ati2mtag - ok
22:01:40.0839 1836	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:01:41.0110 1836	Atmarpc - ok
22:01:41.0330 1836	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
22:01:41.0611 1836	AudioSrv - ok
22:01:41.0831 1836	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:01:42.0121 1836	audstub - ok
22:01:42.0372 1836	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:01:42.0652 1836	Beep - ok
22:01:42.0862 1836	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
22:01:43.0293 1836	BITS - ok
22:01:43.0593 1836	Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
22:01:43.0683 1836	Bridge - ok
22:01:43.0694 1836	BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
22:01:43.0764 1836	BridgeMP - ok
22:01:43.0974 1836	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
22:01:44.0284 1836	Browser - ok
22:01:44.0585 1836	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:01:44.0835 1836	cbidf2k - ok
22:01:45.0096 1836	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:01:45.0406 1836	CCDECODE - ok
22:01:45.0636 1836	cd20xrnt - ok
22:01:45.0897 1836	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:46.0197 1836	Cdaudio - ok
22:01:46.0488 1836	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:46.0748 1836	Cdfs - ok
22:01:46.0958 1836	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:47.0299 1836	Cdrom - ok
22:01:47.0559 1836	Changer - ok
22:01:47.0659 1836	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
22:01:47.0890 1836	CiSvc - ok
22:01:48.0070 1836	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
22:01:48.0380 1836	ClipSrv - ok
22:01:48.0581 1836	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:01:48.0591 1836	clr_optimization_v2.0.50727_32 - ok
22:01:48.0721 1836	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:01:48.0781 1836	clr_optimization_v4.0.30319_32 - ok
22:01:49.0021 1836	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:01:49.0322 1836	CmBatt - ok
22:01:49.0612 1836	CmdIde - ok
22:01:49.0822 1836	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:01:50.0163 1836	Compbatt - ok
22:01:50.0323 1836	COMSysApp - ok
22:01:50.0383 1836	Cpqarray - ok
22:01:50.0583 1836	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
22:01:50.0864 1836	CryptSvc - ok
22:01:51.0064 1836	dac2w2k - ok
22:01:51.0094 1836	dac960nt - ok
22:01:51.0194 1836	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:01:51.0304 1836	DcomLaunch - ok
22:01:51.0685 1836	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
22:01:51.0935 1836	Dhcp - ok
22:01:52.0196 1836	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:01:52.0436 1836	Disk - ok
22:01:52.0706 1836	dmadmin - ok
22:01:52.0847 1836	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:01:53.0187 1836	dmboot - ok
22:01:53.0498 1836	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:01:53.0738 1836	dmio - ok
22:01:54.0008 1836	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:01:54.0329 1836	dmload - ok
22:01:54.0579 1836	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
22:01:54.0860 1836	dmserver - ok
22:01:55.0130 1836	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:01:55.0460 1836	DMusic - ok
22:01:55.0721 1836	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
22:01:55.0781 1836	Dnscache - ok
22:01:56.0001 1836	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
22:01:56.0252 1836	Dot3svc - ok
22:01:56.0552 1836	dpti2o - ok
22:01:56.0812 1836	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:57.0103 1836	drmkaud - ok
22:01:57.0393 1836	dtsoftbus01     (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
22:01:57.0443 1836	dtsoftbus01 - ok
22:01:57.0674 1836	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
22:01:57.0984 1836	EapHost - ok
22:01:58.0214 1836	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
22:01:58.0475 1836	ERSvc - ok
22:01:58.0885 1836	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:01:58.0935 1836	Eventlog - ok
22:01:59.0176 1836	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
22:01:59.0256 1836	EventSystem - ok
22:01:59.0616 1836	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:59.0917 1836	Fastfat - ok
22:02:00.0137 1836	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:02:00.0177 1836	FastUserSwitchingCompatibility - ok
22:02:00.0578 1836	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:02:00.0868 1836	Fdc - ok
22:02:01.0079 1836	FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
22:02:01.0319 1836	FETNDIS - ok
22:02:01.0559 1836	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:02:01.0810 1836	Fips - ok
22:02:02.0070 1836	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:02:02.0310 1836	Flpydisk - ok
22:02:02.0631 1836	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:02:02.0941 1836	FltMgr - ok
22:02:03.0172 1836	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:02:03.0182 1836	FontCache3.0.0.0 - ok
22:02:03.0452 1836	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:02:03.0752 1836	Fs_Rec - ok
22:02:04.0013 1836	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:02:04.0253 1836	Ftdisk - ok
22:02:04.0533 1836	ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
22:02:04.0554 1836	ggflt - ok
22:02:04.0844 1836	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
22:02:04.0864 1836	ggsemc - ok
22:02:05.0074 1836	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:02:05.0365 1836	Gpc - ok
22:02:05.0585 1836	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:02:05.0815 1836	helpsvc - ok
22:02:05.0935 1836	HidServ - ok
22:02:06.0076 1836	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
22:02:06.0346 1836	hkmsvc - ok
22:02:06.0566 1836	hpn - ok
22:02:06.0857 1836	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:02:06.0957 1836	HTTP - ok
22:02:07.0227 1836	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
22:02:07.0548 1836	HTTPFilter - ok
22:02:07.0758 1836	i2omgmt - ok
22:02:07.0778 1836	i2omp - ok
22:02:07.0858 1836	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:02:08.0119 1836	i8042prt - ok
22:02:08.0449 1836	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:02:08.0719 1836	idsvc - ok
22:02:08.0980 1836	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:02:09.0290 1836	Imapi - ok
22:02:09.0591 1836	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
22:02:09.0831 1836	ImapiService - ok
22:02:10.0051 1836	ini910u - ok
22:02:10.0162 1836	IntelIde - ok
22:02:10.0232 1836	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:02:10.0532 1836	Ip6Fw - ok
22:02:10.0722 1836	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:02:10.0963 1836	IpFilterDriver - ok
22:02:11.0213 1836	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:02:11.0503 1836	IpInIp - ok
22:02:11.0764 1836	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:02:12.0014 1836	IpNat - ok
22:02:12.0295 1836	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:02:12.0575 1836	IPSec - ok
22:02:12.0815 1836	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:02:12.0906 1836	IRENUM - ok
22:02:13.0176 1836	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:02:13.0376 1836	isapnp - ok
22:02:13.0807 1836	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
22:02:13.0827 1836	JavaQuickStarterService - ok
22:02:14.0097 1836	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:02:14.0398 1836	Kbdclass - ok
22:02:14.0758 1836	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:02:15.0039 1836	kmixer - ok
22:02:15.0259 1836	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:02:15.0339 1836	KSecDD - ok
22:02:15.0599 1836	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
22:02:15.0680 1836	LanmanServer - ok
22:02:15.0940 1836	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
22:02:16.0020 1836	lanmanworkstation - ok
22:02:16.0240 1836	lbrtfdc - ok
22:02:16.0561 1836	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
22:02:16.0821 1836	LmHosts - ok
22:02:16.0951 1836	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
22:02:16.0981 1836	MDM - ok
22:02:17.0212 1836	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
22:02:17.0462 1836	Messenger - ok
22:02:17.0722 1836	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:02:17.0983 1836	mnmdd - ok
22:02:18.0213 1836	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
22:02:18.0423 1836	mnmsrvc - ok
22:02:18.0744 1836	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:02:19.0034 1836	Modem - ok
22:02:19.0305 1836	MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:02:19.0505 1836	MODEMCSA - ok
22:02:19.0785 1836	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:02:20.0096 1836	Mouclass - ok
22:02:20.0376 1836	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:02:20.0607 1836	MountMgr - ok
22:02:20.0837 1836	mraid35x - ok
22:02:21.0107 1836	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:02:21.0408 1836	MRxDAV - ok
22:02:21.0688 1836	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:02:21.0808 1836	MRxSmb - ok
22:02:22.0039 1836	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
22:02:22.0339 1836	MSDTC - ok
22:02:22.0750 1836	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:02:22.0960 1836	Msfs - ok
22:02:23.0130 1836	MSIServer - ok
22:02:23.0250 1836	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:02:23.0551 1836	MSKSSRV - ok
22:02:23.0821 1836	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:02:24.0032 1836	MSPCLOCK - ok
22:02:24.0292 1836	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:02:24.0592 1836	MSPQM - ok
22:02:24.0893 1836	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:02:25.0053 1836	mssmbios - ok
22:02:25.0303 1836	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:02:25.0604 1836	MSTEE - ok
22:02:25.0844 1836	Mtlmnt5         (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
22:02:26.0084 1836	Mtlmnt5 - ok
22:02:26.0415 1836	Mtlstrm         (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
22:02:26.0826 1836	Mtlstrm - ok
22:02:27.0116 1836	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:02:27.0186 1836	Mup - ok
22:02:27.0386 1836	MySQL55 - ok
22:02:27.0657 1836	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:02:27.0957 1836	NABTSFEC - ok
22:02:28.0187 1836	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
22:02:28.0448 1836	napagent - ok
22:02:28.0738 1836	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:02:29.0029 1836	NDIS - ok
22:02:29.0289 1836	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:02:29.0499 1836	NdisIP - ok
22:02:29.0770 1836	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:02:29.0850 1836	NdisTapi - ok
22:02:30.0170 1836	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:02:30.0431 1836	Ndisuio - ok
22:02:30.0701 1836	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:02:30.0931 1836	NdisWan - ok
22:02:31.0202 1836	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:02:31.0272 1836	NDProxy - ok
22:02:31.0562 1836	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:02:31.0833 1836	NetBIOS - ok
22:02:32.0113 1836	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:02:32.0343 1836	NetBT - ok
22:02:32.0614 1836	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:02:32.0834 1836	NetDDE - ok
22:02:32.0854 1836	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:02:33.0085 1836	NetDDEdsdm - ok
22:02:33.0325 1836	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:02:33.0525 1836	Netlogon - ok
22:02:33.0776 1836	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
22:02:34.0026 1836	Netman - ok
22:02:34.0436 1836	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:02:35.0158 1836	NetTcpPortSharing - ok
22:02:35.0828 1836	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:02:36.0179 1836	NIC1394 - ok
22:02:36.0910 1836	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
22:02:36.0970 1836	Nla - ok
22:02:37.0461 1836	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:02:37.0731 1836	Npfs - ok
22:02:38.0222 1836	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:02:38.0713 1836	Ntfs - ok
22:02:39.0133 1836	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:02:39.0324 1836	NtLmSsp - ok
22:02:40.0014 1836	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
22:02:41.0256 1836	NtmsSvc - ok
22:02:41.0777 1836	NtMtlFax        (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
22:02:42.0087 1836	NtMtlFax - ok
22:02:42.0508 1836	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:02:42.0748 1836	Null - ok
22:02:43.0129 1836	NuVision        (9817088c20df6d6f82b36dd2ba4992ad) C:\WINDOWS\system32\DRIVERS\NUVision.sys
22:02:43.0209 1836	NuVision ( UnsignedFile.Multi.Generic ) - warning
22:02:43.0219 1836	NuVision - detected UnsignedFile.Multi.Generic (1)
22:02:43.0730 1836	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:02:44.0060 1836	NwlnkFlt - ok
22:02:44.0561 1836	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:02:44.0912 1836	NwlnkFwd - ok
22:02:45.0282 1836	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:02:45.0552 1836	ohci1394 - ok
22:02:45.0773 1836	OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
22:02:45.0803 1836	OMSI download service ( UnsignedFile.Multi.Generic ) - warning
22:02:45.0803 1836	OMSI download service - detected UnsignedFile.Multi.Generic (1)
22:02:45.0893 1836	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:02:45.0903 1836	ose - ok
22:02:46.0193 1836	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:02:46.0494 1836	Parport - ok
22:02:46.0834 1836	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:02:47.0055 1836	PartMgr - ok
22:02:47.0295 1836	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:02:47.0565 1836	ParVdm - ok
22:02:47.0836 1836	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:02:48.0076 1836	PCI - ok
22:02:48.0276 1836	PCIDump - ok
22:02:48.0387 1836	PCIIde - ok
22:02:48.0677 1836	PCloudd         (e3993fd134812e55fc8885d924d46d58) C:\Programme\Iomega Storage Manager\pCloudd.exe
22:02:48.0727 1836	PCloudd ( UnsignedFile.Multi.Generic ) - warning
22:02:48.0727 1836	PCloudd - detected UnsignedFile.Multi.Generic (1)
22:02:48.0997 1836	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:02:49.0278 1836	Pcmcia - ok
22:02:50.0049 1836	PDCOMP - ok
22:02:50.0339 1836	PDFRAME - ok
22:02:50.0560 1836	PDRELI - ok
22:02:50.0780 1836	PDRFRAME - ok
22:02:50.0990 1836	perc2 - ok
22:02:51.0211 1836	perc2hib - ok
22:02:51.0461 1836	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:02:51.0501 1836	PlugPlay - ok
22:02:51.0741 1836	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:02:51.0972 1836	PolicyAgent - ok
22:02:52.0442 1836	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:02:52.0853 1836	PptpMiniport - ok
22:02:53.0744 1836	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:02:53.0995 1836	ProtectedStorage - ok
22:02:54.0846 1836	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:02:55.0236 1836	PSched - ok
22:02:55.0737 1836	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:02:55.0997 1836	Ptilink - ok
22:02:56.0218 1836	ql1080 - ok
22:02:56.0248 1836	Ql10wnt - ok
22:02:56.0278 1836	ql12160 - ok
22:02:56.0298 1836	ql1240 - ok
22:02:56.0328 1836	ql1280 - ok
22:02:56.0408 1836	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:02:56.0648 1836	RasAcd - ok
22:02:56.0859 1836	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
22:02:57.0089 1836	RasAuto - ok
22:02:57.0349 1836	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:02:57.0550 1836	Rasl2tp - ok
22:02:57.0810 1836	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
22:02:58.0080 1836	RasMan - ok
22:02:58.0351 1836	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:02:58.0571 1836	RasPppoe - ok
22:02:58.0832 1836	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:02:59.0102 1836	Raspti - ok
22:02:59.0372 1836	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:02:59.0613 1836	Rdbss - ok
22:02:59.0873 1836	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:03:00.0143 1836	RDPCDD - ok
22:03:00.0474 1836	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:03:00.0684 1836	rdpdr - ok
22:03:00.0945 1836	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:03:01.0005 1836	RDPWD - ok
22:03:01.0265 1836	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
22:03:01.0575 1836	RDSessMgr - ok
22:03:03.0028 1836	RecAgent        (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
22:03:03.0238 1836	RecAgent - ok
22:03:03.0508 1836	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:03:03.0769 1836	redbook - ok
22:03:04.0159 1836	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
22:03:04.0460 1836	RemoteAccess - ok
22:03:04.0730 1836	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
22:03:04.0970 1836	RemoteRegistry - ok
22:03:05.0251 1836	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
22:03:05.0491 1836	RpcLocator - ok
22:03:05.0802 1836	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:03:05.0882 1836	RpcSs - ok
22:03:06.0142 1836	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
22:03:06.0422 1836	RSVP - ok
22:03:06.0763 1836	rtl8180         (ed90eb06fcfb05dd4cdbe240b4b8122e) C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
22:03:06.0873 1836	rtl8180 - ok
22:03:07.0103 1836	s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
22:03:07.0123 1836	s0016bus - ok
22:03:07.0374 1836	s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
22:03:07.0394 1836	s0016mdfl - ok
22:03:07.0784 1836	s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
22:03:07.0794 1836	s0016mdm - ok
22:03:08.0045 1836	s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
22:03:08.0065 1836	s0016mgmt - ok
22:03:08.0305 1836	s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
22:03:08.0315 1836	s0016nd5 - ok
22:03:08.0606 1836	s0016obex       (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
22:03:08.0626 1836	s0016obex - ok
22:03:08.0916 1836	s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
22:03:08.0936 1836	s0016unic - ok
22:03:09.0166 1836	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:03:09.0437 1836	SamSs - ok
22:03:09.0677 1836	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
22:03:09.0887 1836	SCardSvr - ok
22:03:10.0138 1836	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
22:03:10.0438 1836	Schedule - ok
22:03:10.0759 1836	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:03:10.0829 1836	Secdrv - ok
22:03:11.0059 1836	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
22:03:11.0299 1836	seclogon - ok
22:03:11.0620 1836	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
22:03:11.0860 1836	SENS - ok
22:03:12.0121 1836	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
22:03:12.0381 1836	Serial - ok
22:03:12.0732 1836	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:03:12.0912 1836	Sfloppy - ok
22:03:13.0182 1836	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
22:03:13.0493 1836	SharedAccess - ok
22:03:14.0043 1836	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:03:14.0063 1836	ShellHWDetection - ok
22:03:14.0284 1836	Simbad - ok
22:03:14.0434 1836	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:03:14.0674 1836	SLIP - ok
22:03:14.0905 1836	Slntamr         (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
22:03:15.0095 1836	Slntamr - ok
22:03:15.0465 1836	SlNtHal         (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
22:03:15.0746 1836	SlNtHal - ok
22:03:15.0746 1836	SLService - ok
22:03:16.0026 1836	SlWdmSup        (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
22:03:16.0207 1836	SlWdmSup - ok
22:03:16.0397 1836	Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
22:03:16.0417 1836	Sony Ericsson PCCompanion - ok
22:03:16.0697 1836	Sparrow - ok
22:03:16.0948 1836	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:03:17.0248 1836	splitter - ok
22:03:17.0478 1836	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:03:17.0568 1836	Spooler - ok
22:03:17.0849 1836	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:03:17.0959 1836	sr - ok
22:03:18.0199 1836	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
22:03:18.0340 1836	srservice - ok
22:03:18.0700 1836	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:03:18.0810 1836	Srv - ok
22:03:19.0061 1836	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
22:03:19.0171 1836	SSDPSRV - ok
22:03:19.0441 1836	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
22:03:19.0692 1836	stisvc - ok
22:03:19.0922 1836	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:03:20.0162 1836	streamip - ok
22:03:20.0503 1836	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:03:20.0753 1836	swenum - ok
22:03:21.0033 1836	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:03:21.0264 1836	swmidi - ok
22:03:21.0434 1836	SwPrv - ok
22:03:21.0494 1836	symc810 - ok
22:03:21.0524 1836	symc8xx - ok
22:03:21.0905 1836	sym_hi - ok
22:03:22.0015 1836	sym_u3 - ok
22:03:22.0095 1836	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:03:22.0375 1836	sysaudio - ok
22:03:22.0526 1836	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
22:03:22.0776 1836	SysmonLog - ok
22:03:23.0026 1836	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
22:03:23.0357 1836	TapiSrv - ok
22:03:23.0667 1836	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:03:23.0747 1836	Tcpip - ok
22:03:23.0988 1836	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:03:24.0218 1836	TDPIPE - ok
22:03:24.0458 1836	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:03:24.0689 1836	TDTCP - ok
22:03:24.0949 1836	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:03:25.0209 1836	TermDD - ok
22:03:25.0580 1836	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
22:03:25.0790 1836	TermService - ok
22:03:26.0041 1836	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:03:26.0061 1836	Themes - ok
22:03:26.0331 1836	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
22:03:26.0441 1836	TlntSvr - ok
22:03:26.0682 1836	TosIde - ok
22:03:26.0902 1836	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
22:03:27.0152 1836	TrkWks - ok
22:03:27.0423 1836	uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
22:03:27.0653 1836	uagp35 - ok
22:03:27.0903 1836	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:03:28.0174 1836	Udfs - ok
22:03:28.0374 1836	ultra - ok
22:03:28.0474 1836	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:03:28.0694 1836	Update - ok
22:03:28.0925 1836	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
22:03:29.0045 1836	upnphost - ok
22:03:29.0265 1836	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
22:03:29.0506 1836	UPS - ok
22:03:29.0826 1836	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:03:30.0046 1836	usbaudio - ok
22:03:30.0367 1836	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:03:30.0637 1836	usbccgp - ok
22:03:30.0908 1836	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:03:31.0078 1836	usbehci - ok
22:03:31.0338 1836	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:03:31.0609 1836	usbhub - ok
22:03:31.0839 1836	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:03:32.0059 1836	usbstor - ok
22:03:32.0310 1836	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:03:32.0590 1836	usbuhci - ok
22:03:32.0850 1836	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:03:33.0071 1836	usbvideo - ok
22:03:33.0321 1836	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:03:33.0582 1836	VgaSave - ok
22:03:33.0842 1836	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:03:34.0042 1836	ViaIde - ok
22:03:34.0333 1836	VIAudio         (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys
22:03:34.0503 1836	VIAudio - ok
22:03:34.0823 1836	vNICdrv         (eedef70f54e4bab9d7a8d79f3418b3f1) C:\WINDOWS\system32\DRIVERS\vNICdrv.sys
22:03:34.0843 1836	vNICdrv - ok
22:03:35.0114 1836	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:03:35.0364 1836	VolSnap - ok
22:03:35.0634 1836	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
22:03:35.0725 1836	VSS - ok
22:03:35.0975 1836	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
22:03:36.0195 1836	W32Time - ok
22:03:36.0456 1836	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:03:36.0666 1836	Wanarp - ok
22:03:36.0916 1836	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
22:03:36.0986 1836	wceusbsh - ok
22:03:37.0277 1836	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:03:37.0357 1836	Wdf01000 - ok
22:03:37.0567 1836	WDICA - ok
22:03:37.0717 1836	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:03:37.0988 1836	wdmaud - ok
22:03:38.0148 1836	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
22:03:38.0338 1836	WebClient - ok
22:03:38.0649 1836	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:03:38.0919 1836	winmgmt - ok
22:03:39.0160 1836	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:03:39.0230 1836	WmdmPmSN - ok
22:03:40.0071 1836	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
22:03:40.0181 1836	Wmi - ok
22:03:40.0552 1836	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:03:40.0832 1836	WmiApSrv - ok
22:03:41.0172 1836	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:03:41.0273 1836	WPFFontCache_v0400 - ok
22:03:41.0513 1836	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
22:03:41.0773 1836	wscsvc - ok
22:03:41.0974 1836	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:03:42.0144 1836	WSTCODEC - ok
22:03:42.0364 1836	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
22:03:42.0615 1836	wuauserv - ok
22:03:42.0865 1836	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:03:42.0925 1836	WudfPf - ok
22:03:43.0155 1836	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:03:43.0195 1836	WudfRd - ok
22:03:43.0416 1836	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:03:43.0506 1836	WudfSvc - ok
22:03:43.0896 1836	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
22:03:44.0187 1836	WZCSVC - ok
22:03:44.0417 1836	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
22:03:44.0687 1836	xmlprov - ok
22:03:44.0758 1836	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:03:45.0128 1836	\Device\Harddisk0\DR0 - ok
22:03:45.0168 1836	Boot (0x1200)   (4c3168a4153672a18a5d1ff5c7a62ef1) \Device\Harddisk0\DR0\Partition0
22:03:45.0178 1836	\Device\Harddisk0\DR0\Partition0 - ok
22:03:45.0178 1836	============================================================
22:03:45.0178 1836	Scan finished
22:03:45.0178 1836	============================================================
22:03:45.0298 2440	Detected object count: 5
22:03:45.0298 2440	Actual detected object count: 5

cosinus · 26.03.2012, 21:34

Der untere Teil vom Log fehlt. Unter der Anzahl der Objekte, die der TDSS-Killer beanstandet müsste genau diese Einträge alle nochmal aufgelistet werden

solidplanet · 27.03.2012, 06:28

Ich habe aber den Log eins zu eins übertragen. (außer den User-Namen)

ahhhh... ich hatte noch nicht auf close geklickt, sondern hab das Fenster offen gelassen...
hier nunn noch der Rest:
Schnipsel

Code:

ATTFilter

07:28:57.0091 2440	Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:57.0091 2440	Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:57.0091 2440	ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:57.0091 2440	ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:57.0091 2440	NuVision ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:57.0091 2440	NuVision ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:57.0091 2440	OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:57.0091 2440	OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:57.0091 2440	PCloudd ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:57.0101 2440	PCloudd ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 27.03.2012, 11:41

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

solidplanet · 27.03.2012, 19:15

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-27.02 - *** 27.03.2012  19:53:07.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.511.162 [GMT 2:00]
ausgeführt von:: \\Faith\shareddocs\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpeA.dll
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-26 13:47 . 2012-03-26 13:47	--------	d-----w-	C:\_OTL
2012-03-21 19:41 . 2012-03-21 19:41	--------	d-----w-	c:\programme\ESET
2012-03-20 19:18 . 2012-03-20 19:18	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-03-20 18:17 . 2012-03-20 18:17	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-03-20 18:17 . 2012-03-20 18:17	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-20 18:17 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-14 23:04 . 2012-03-20 18:16	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-03-14 22:53 . 2012-03-14 22:54	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\kodak
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 14:07 . 2011-07-22 15:03	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 07:16 . 2012-02-04 07:16	40960	----a-r-	c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
2012-02-03 09:57 . 2008-04-14 12:00	1860224	----a-w-	c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 21:22	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-07-22 09:25	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-26 14:04 . 2011-12-08 08:30	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Monitor Apache Servers.lnk - c:\server\Apache2\bin\ApacheMonitor.exe [2011-8-30 41051]
RtlWake.lnk - c:\programme\Realtek\Rtl8180\FRtlWake.exe [2011-8-1 28672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.12.2011 22:24 239168]
S2 Apache2.2;Apache2.2;c:\server\Apache2\bin\httpd.exe [30.08.2011 21:54 20549]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 MySQL55;MySQL55;"c:\server\mysql\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\dokumente und einstellungen\All Users\Anwendungsdaten\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> c:\server\mysql\MySQL Server 5.5\bin\mysqld [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [13.11.2011 11:29 90112]
S2 PCloudd;PCloudd;c:\programme\Iomega Storage Manager\pCloudd.exe [06.08.2011 03:14 207360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.09.2011 19:56 13224]
S3 NuVision;Hauppauge WinTV USB Pro (PAL B/G);c:\windows\system32\drivers\Nuvision.sys [12.11.2011 14:26 259528]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01.08.2011 20:03 151808]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [08.09.2011 19:43 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [08.09.2011 19:43 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [08.09.2011 19:43 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [08.09.2011 19:43 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [08.09.2011 19:43 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [08.09.2011 19:43 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [08.09.2011 19:43 115752]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [08.09.2011 19:41 155344]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [06.08.2011 03:14 17488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: NameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xs0nfffy.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL55]
"ImagePath"="\"c:\server\mysql\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\dokumente und einstellungen\All Users\Anwendungsdaten\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-03-27  20:11:50
ComboFix-quarantined-files.txt  2012-03-27 18:11
.
Vor Suchlauf: 13 Verzeichnis(se), 28.220.416.000 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 28.481.134.592 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7D74D84955022FC479A7657107CCCBA1
--- --- ---

22.03.2012, 12:15	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3 Funktioniert der normale Modus eigentlich mittlerweile? __________________ Logfiles bitte immer in CODE-Tags posten

26.03.2012, 21:34	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3 Der untere Teil vom Log fehlt. Unter der Anzahl der Objekte, die der TDSS-Killer beanstandet müsste genau diese Einträge alle nochmal aufgelistet werden __________________ Logfiles bitte immer in CODE-Tags posten

BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3

Log-Analyse und Auswertung: BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3