Spamhaus Virus, "IP adress was blocked", einige Internetseiten blockiert

Ela41 · 29.05.2012, 23:39

Wie ich gelesen habe, ist dieses Problem bei einige Leuten hier schon aufgetaucht:
Seit einiger Zeit erscheint beim Aufrufen von google.com/de, youtube.com, facebook.com und einigen weiteren "populären" Seiten

SPAMHAUS - Your Computer IP adress was blocked for prevent...etc und will eine Überweisung von 2€ für das "Unlocken"

Ich habe die 3 Schritte von dem "Für alle Hilfesuchenden" -Post durchgeführt, was problemlos geklappt hat! (Danke - sehr gut zu verstehen!)

Ich hänge die Logfiles mal an.

Für eure Hilfe wäre ich sehr dankbar!
Liebe Grüße Ela

cosinus · 31.05.2012, 11:55

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Ela41 · 31.05.2012, 22:41

Danke für die schnelle Antwort!

Malwarebytes Scan:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.31.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gabi :: GABI [Administrator]

31.05.2012 20:01:10
mbam-log-2012-05-31 (20-01-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245168
Laufzeit: 22 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|renovator (Trojan.Zbot) -> Daten: C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Skype\{7C6A9B72-5A57-4CE9-BE50-816B6522BC32}\renovator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Skype\{7C6A9B72-5A57-4CE9-BE50-816B6522BC32}\renovator.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Wihas\lasin.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Temp\tmp72b5c017.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Temp\tmpf5468ce1\volumeup.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET Scan:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a0fd493dfa237458439aa067f2c910f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 09:22:55
# local_time=2012-05-31 11:22:55 (+0100, Romanische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 6720 75027583 1739 0
# compatibility_mode=8192 67108863 100 0 4154 4154 0 0
# scanned=52821
# found=3
# cleaned=0
# scan_time=3657
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Identities\{9ABF06FF-9BFA-4D02-B28C-E88926DB6DE0}\LicenseValidator.exe	a variant of Win32/Kryptik.AFVU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Temp\tmpB.tmp.exe	a variant of Win32/Injector.RMH trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Gataka.B trojan	00000000000000000000000000000000	I

cosinus · 01.06.2012, 12:54

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Ela41 · 02.06.2012, 01:18

Nein, das war das erste Mal, dass mit Malewarebytes gescannt wurde.
Der Laptop ist relativ neu, meines Wissens warn das gestern die ersten Vollscans überhaupt...

cosinus · 02.06.2012, 18:30

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ela41 · 06.06.2012, 14:06

Der normale Modus geht uneingeschränkt!
Es fehlt nichts im Startmenü und es gibt keine leeren Ordner unter Alle Programme. Jedoch sind unter C:\WINDOWS seehr viele "blasse" Ordner ("$UninstallKB954...") aufgetaucht, die da wahrscheinlich nicht hingehören..

Außerdem kommt jetzt bei den Seiten, bei denen davor immer die Spamhaus Meldung erschienen ist, nur noch ein Seiten-Ladefehler wg Netzwerk-Zeitüberschreitung.

cosinus · 06.06.2012, 14:59

Zitat:

viele "blasse" Ordner ("$UninstallKB954...") aufgetaucht, die da wahrscheinlich nicht hingehören..

Und wie sie da hingehören.

Weil man etwas nicht kennt, ist das nicht gleich "wahrscheinlich illegitim"

Diese besagten "blassen" Ordner mit $NTUninstall sind die Deinstallationsordner der Windows-Hotfixes

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ela41 · 06.06.2012, 18:10

haha da hast du sehr Recht!

Ich kann mir nicht helfen, blasse Ordner und §$%& Zeichen schauen für mich einfach so verdammt verdächtig aus..
Ich werd auf jeden Fall keine meiner meist falschen PC Einschätzungen mehr abgeben, sorry!

Danke fürs schnelle Antworten!

Code:

ATTFilter

OTL logfile created on: 06.06.2012 18:42:05 - Run 2
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Gabi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,30 Mb Total Physical Memory | 286,52 Mb Available Physical Memory | 32,00% Memory free
2,12 Gb Paging File | 1,52 Gb Available in Paging File | 71,89% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 133,26 Gb Total Space | 117,04 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive D: | 15,77 Gb Total Space | 8,56 Gb Free Space | 54,24% Space Free | Partition Type: FAT32
 
Computer Name: GABI | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 20:59:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gabi\Desktop\OTL.exe
PRC - [2012.02.25 23:33:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.05.25 13:38:08 | 002,048,000 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2008.12.05 09:08:40 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.11.05 09:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Programme\System Control Manager\MSIService.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PowerDVD8\PDVD8Serv.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.13 12:38:51 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 12:38:46 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
MOD - [2012.05.13 12:38:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.13 12:38:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.13 12:33:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.13 12:33:18 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012.05.13 12:00:50 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012.05.13 01:05:49 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.13 01:05:27 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.28 13:59:50 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.05.25 08:53:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.05.25 08:53:03 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.25 08:53:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.05.25 08:53:01 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.05.24 13:58:46 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:46 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:46 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:46 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:46 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:46 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:46 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3358.38386__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:46 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:46 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3358.38386__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:45 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:45 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.05.24 13:58:45 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.05.24 13:58:45 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:45 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:45 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:45 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.05.24 13:58:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.05.24 13:58:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.05.24 13:58:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.05.24 13:58:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.05.24 13:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.05.24 13:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.05.24 13:58:44 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.05.24 13:58:43 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.05.24 13:58:43 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3358.38449__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.05.24 13:58:43 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3358.38485__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.05.24 13:58:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.05.24 13:58:43 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.05.24 13:58:43 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.05.24 13:58:43 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.05.24 13:58:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.05.24 13:58:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll
MOD - [2009.05.24 13:58:43 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.05.24 13:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.05.24 13:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.05.24 13:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.05.24 13:58:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.05.24 13:58:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.05.24 13:58:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.05.24 13:58:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.05.24 13:58:43 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.05.24 13:58:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.05.24 13:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.05.24 13:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.05.24 13:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.05.24 13:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.05.24 13:58:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.05.24 13:58:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.05.24 13:58:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.04.10 09:31:56 | 000,053,248 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.12.05 09:07:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008.12.05 09:05:44 | 000,069,697 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.05 23:31:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.28 10:03:29 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.25 23:33:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.05 09:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 14:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- E:\Hwinfo32\HWiNFO32.SYS -- (HWiNFO32)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.25 23:33:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.02.25 23:33:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 16:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.23 04:50:08 | 000,548,992 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8192se.sys -- (RTL8192se)
DRV - [2009.05.21 21:29:00 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.04.07 18:14:36 | 005,066,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.02.20 18:12:00 | 003,729,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008.10.31 04:19:18 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.10.31 04:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.10.30 21:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 10:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.14 14:00:00 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.14 14:00:00 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.14 14:00:00 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 14:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008.04.14 14:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008.04.14 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2008.04.14 14:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008.04.14 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2008.03.10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008.02.04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3128460212-2992746192-3724337644-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3128460212-2992746192-3724337644-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3128460212-2992746192-3724337644-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3128460212-2992746192-3724337644-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.28 10:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.06.28 23:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Mozilla\Extensions
[2012.05.05 19:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Mozilla\Firefox\Profiles\gprjhw5m.default\extensions
[2012.02.21 20:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.15 22:32:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.28 10:03:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,011,267 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 46.108.240.220 google.com
O1 - Hosts: 46.108.240.220 www.google.com
O1 - Hosts: 46.108.240.220 facebook.com
O1 - Hosts: 46.108.240.220 www.facebook.com
O1 - Hosts: 46.108.240.220 yahoo.com
O1 - Hosts: 46.108.240.220 www.yahoo.com
O1 - Hosts: 46.108.240.220 live.com
O1 - Hosts: 46.108.240.220 www.live.com
O1 - Hosts: 46.108.240.220 bing.com
O1 - Hosts: 46.108.240.220 www.bing.com
O1 - Hosts: 46.108.240.220 gmail.com
O1 - Hosts: 46.108.240.220 www.gmail.com
O1 - Hosts: 46.108.240.220 youtube.com
O1 - Hosts: 46.108.240.220 www.youtube.com
O1 - Hosts: 46.108.240.220 aol.com
O1 - Hosts: 46.108.240.220 www.aol.com
O1 - Hosts: 46.108.240.220 google.de
O1 - Hosts: 46.108.240.220 www.google.de
O1 - Hosts: 46.108.240.220 google.fr
O1 - Hosts: 46.108.240.220 www.google.fr
O1 - Hosts: 46.108.240.220 google.es
O1 - Hosts: 46.108.240.220 www.google.es
O1 - Hosts: 46.108.240.220 google.pt
O1 - Hosts: 46.108.240.220 www.google.pt
O1 - Hosts: 358 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3128460212-2992746192-3724337644-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Programme\HomeCinema\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Gabi\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3128460212-2992746192-3724337644-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267090751167 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267090732183 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50292491-594C-4E19-9B94-8354AC4E1EB9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.17 09:58:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c883a048-3789-11d6-a42e-0024216f1575}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{dd7d568a-9d0a-11de-a437-0024216f1575}\Shell\AutoRun\command - "" = E:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 18:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Startmenü\Programme\PowerDVD 8
[2012.06.03 01:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.05.31 22:09:52 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Gabi\Desktop\esetsmartinstaller_enu.exe
[2012.05.31 21:12:46 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.05.31 19:58:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Malwarebytes
[2012.05.31 19:58:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.31 19:57:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.31 19:57:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.31 19:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.29 20:59:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gabi\Desktop\OTL.exe
[2012.05.29 20:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.05.16 00:25:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gabi\Recent
[2012.05.14 22:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Wihas
[2012.05.14 22:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Tahy
[2012.05.14 22:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Hehosa
[2012.05.13 21:40:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ugdize
[2012.05.13 21:40:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Idydm
[2012.05.13 21:40:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Icib
[2012.05.13 21:40:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Help
[2012.05.13 21:35:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\TeamViewer
[2012.05.07 21:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ikidyg
[2012.05.07 21:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Axat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.06 18:34:39 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 18:34:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.06 18:34:19 | 938,856,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 15:05:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.06 14:57:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.06 14:20:26 | 002,017,254 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabi\Desktop\WINDOWS screenshot.bmp
[2012.06.06 13:41:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.31 22:10:00 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Gabi\Desktop\esetsmartinstaller_enu.exe
[2012.05.31 19:58:00 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 00:27:52 | 003,148,854 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabi\Desktop\ScreenshotSpamhaus.BMP
[2012.05.29 20:59:50 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabi\defogger_reenable
[2012.05.29 20:59:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gabi\Desktop\OTL.exe
[2012.05.13 01:04:34 | 000,449,492 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.13 01:04:34 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.13 01:04:34 | 000,080,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.13 01:04:34 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.12 22:56:29 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.06 14:20:26 | 002,017,254 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabi\Desktop\WINDOWS screenshot.bmp
[2012.05.31 19:58:00 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 00:27:52 | 003,148,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabi\Desktop\ScreenshotSpamhaus.BMP
[2012.05.29 20:59:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabi\defogger_reenable
[2012.02.18 09:09:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.28 23:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.12.25 03:09:17 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.05.25 14:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2009.09.04 13:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BullGuard
[2009.05.25 10:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\OfficeUpdate12
[2012.05.30 12:12:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Axat
[2012.05.14 22:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Hehosa
[2012.05.29 20:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Icib
[2012.05.16 00:52:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Idydm
[2012.05.31 20:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ikidyg
[2009.05.25 10:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\OfficeUpdate12
[2011.11.19 18:12:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\OpenOffice.org
[2012.05.14 22:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Tahy
[2012.05.13 21:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\TeamViewer
[2012.05.13 21:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ugdize
[2012.05.31 20:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Wihas
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.05.25 13:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Adobe
[2009.05.24 14:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\ATI
[2012.02.21 20:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Avira
[2012.05.30 12:12:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Axat
[2012.05.14 22:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Hehosa
[2012.05.13 21:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Help
[2012.05.29 20:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Icib
[2009.05.17 10:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Identities
[2012.05.16 00:52:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Idydm
[2012.05.31 20:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ikidyg
[2009.05.25 14:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\InstallShield
[2009.05.25 07:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Macromedia
[2012.05.31 19:58:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Malwarebytes
[2011.11.19 17:53:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Microsoft
[2011.06.28 23:40:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Mozilla
[2009.05.25 10:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\OfficeUpdate12
[2011.11.19 18:12:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\OpenOffice.org
[2012.06.06 18:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Skype
[2009.05.24 15:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Sun
[2012.05.14 22:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Tahy
[2012.05.13 21:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\TeamViewer
[2012.05.13 21:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ugdize
[2012.05.31 20:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Wihas
 
< %APPDATA%\*.exe /s >
[2012.03.03 13:19:29 | 008,124,064 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\I386\IASTOR.SYS
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\OEMDRV\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.05.17 11:34:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.05.17 11:34:27 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.05.17 11:34:27 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

cosinus · 07.06.2012, 12:02

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.17 09:58:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c883a048-3789-11d6-a42e-0024216f1575}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{dd7d568a-9d0a-11de-a437-0024216f1575}\Shell\AutoRun\command - "" = E:\autorun.bat
[2012.05.14 22:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Wihas
[2012.05.14 22:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Tahy
[2012.05.14 22:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Hehosa
[2012.05.13 21:40:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ugdize
[2012.05.13 21:40:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Idydm
[2012.05.13 21:40:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Icib
[2012.05.07 21:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ikidyg
[2012.05.07 21:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Axat
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ela41 · 07.06.2012, 22:13

Die Internetseiten funktionieren wieder!

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c883a048-3789-11d6-a42e-0024216f1575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c883a048-3789-11d6-a42e-0024216f1575}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd7d568a-9d0a-11de-a437-0024216f1575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd7d568a-9d0a-11de-a437-0024216f1575}\ not found.
File E:\autorun.bat not found.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Wihas folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Tahy folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Hehosa folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ugdize folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Idydm folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Icib folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Ikidyg folder moved successfully.
C:\Dokumente und Einstellungen\Gabi\Anwendungsdaten\Axat folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Besitzer
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 278662 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
 
User: Gabi
->Temp folder emptied: 61138211 bytes
->Temporary Internet Files folder emptied: 19339023 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59656102 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8127991 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61440 bytes
RecycleBin emptied: 8329243 bytes
 
Total Files Cleaned = 155,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Besitzer
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gabi
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 06072012_230454

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 07.06.2012, 22:27

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Ela41 · 08.06.2012, 00:05

TDSS-Killer Log

Code:

ATTFilter

00:57:24.0265 3924	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:57:24.0390 3924	============================================================
00:57:24.0390 3924	Current date / time: 2012/06/08 00:57:24.0390
00:57:24.0390 3924	SystemInfo:
00:57:24.0390 3924	
00:57:24.0390 3924	OS Version: 5.1.2600 ServicePack: 3.0
00:57:24.0390 3924	Product type: Workstation
00:57:24.0406 3924	ComputerName: GABI
00:57:24.0406 3924	UserName: Gabi
00:57:24.0406 3924	Windows directory: C:\WINDOWS
00:57:24.0406 3924	System windows directory: C:\WINDOWS
00:57:24.0406 3924	Processor architecture: Intel x86
00:57:24.0406 3924	Number of processors: 1
00:57:24.0406 3924	Page size: 0x1000
00:57:24.0406 3924	Boot type: Normal boot
00:57:24.0406 3924	============================================================
00:57:26.0187 3924	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:57:26.0187 3924	============================================================
00:57:26.0187 3924	\Device\Harddisk0\DR0:
00:57:26.0187 3924	MBR partitions:
00:57:26.0187 3924	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x10A852B5
00:57:26.0187 3924	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x10A852F4, BlocksNum 0x1F937CD
00:57:26.0187 3924	============================================================
00:57:26.0218 3924	C: <-> \Device\Harddisk0\DR0\Partition0
00:57:26.0250 3924	D: <-> \Device\Harddisk0\DR0\Partition1
00:57:26.0250 3924	============================================================
00:57:26.0250 3924	Initialize success
00:57:26.0250 3924	============================================================
00:58:30.0093 2436	============================================================
00:58:30.0093 2436	Scan started
00:58:30.0093 2436	Mode: Manual; SigCheck; TDLFS; 
00:58:30.0093 2436	============================================================
00:58:30.0437 2436	Abiosdsk - ok
00:58:30.0453 2436	abp480n5 - ok
00:58:30.0515 2436	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:58:31.0343 2436	ACPI - ok
00:58:31.0375 2436	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:58:31.0546 2436	ACPIEC - ok
00:58:31.0625 2436	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:58:31.0640 2436	AdobeFlashPlayerUpdateSvc - ok
00:58:31.0656 2436	adpu160m - ok
00:58:31.0703 2436	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:58:31.0875 2436	aec - ok
00:58:31.0937 2436	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:58:31.0984 2436	AFD - ok
00:58:31.0984 2436	Aha154x - ok
00:58:32.0000 2436	aic78u2 - ok
00:58:32.0000 2436	aic78xx - ok
00:58:32.0046 2436	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
00:58:32.0234 2436	Alerter - ok
00:58:32.0296 2436	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
00:58:32.0375 2436	ALG - ok
00:58:32.0375 2436	AliIde - ok
00:58:32.0531 2436	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
00:58:32.0656 2436	Ambfilt - ok
00:58:32.0750 2436	amsint - ok
00:58:32.0875 2436	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
00:58:32.0906 2436	AntiVirSchedulerService - ok
00:58:32.0953 2436	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
00:58:32.0968 2436	AntiVirService - ok
00:58:32.0984 2436	AppMgmt - ok
00:58:32.0984 2436	asc - ok
00:58:33.0000 2436	asc3350p - ok
00:58:33.0000 2436	asc3550 - ok
00:58:33.0093 2436	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:58:33.0125 2436	aspnet_state - ok
00:58:33.0140 2436	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:58:33.0328 2436	AsyncMac - ok
00:58:33.0421 2436	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:58:33.0593 2436	atapi - ok
00:58:33.0625 2436	Atdisk - ok
00:58:33.0703 2436	Ati HotKey Poller (1635a809b90eac3c0a844249e9a35856) C:\WINDOWS\system32\Ati2evxx.exe
00:58:33.0750 2436	Ati HotKey Poller - ok
00:58:34.0031 2436	ati2mtag        (7452ab1a89f43785d20a10066bc3b73a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:58:34.0187 2436	ati2mtag - ok
00:58:34.0312 2436	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:58:34.0500 2436	Atmarpc - ok
00:58:34.0531 2436	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
00:58:34.0750 2436	AudioSrv - ok
00:58:34.0812 2436	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:58:35.0000 2436	audstub - ok
00:58:35.0093 2436	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
00:58:35.0093 2436	avgio - ok
00:58:35.0125 2436	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:58:35.0171 2436	avgntflt - ok
00:58:35.0218 2436	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
00:58:35.0234 2436	avipbb - ok
00:58:35.0312 2436	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Programme\Microsoft\BingBar\BBSvc.EXE
00:58:35.0328 2436	BBSvc - ok
00:58:35.0390 2436	BBUpdate        (785de7abda13309d6065305542829e76) C:\Programme\Microsoft\BingBar\SeaPort.EXE
00:58:35.0421 2436	BBUpdate - ok
00:58:35.0453 2436	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:58:35.0640 2436	Beep - ok
00:58:35.0703 2436	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
00:58:35.0906 2436	BITS - ok
00:58:36.0015 2436	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
00:58:36.0203 2436	Browser - ok
00:58:36.0312 2436	btaudio         (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
00:58:36.0343 2436	btaudio - ok
00:58:36.0375 2436	BTDriver        (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
00:58:36.0390 2436	BTDriver - ok
00:58:36.0484 2436	BTKRNL          (ed0bd05be3c494a8fec0674880d5bc4d) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
00:58:36.0562 2436	BTKRNL - ok
00:58:36.0687 2436	btwdins         (5ea9662c4864e0ee276497a0444e5802) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
00:58:36.0703 2436	btwdins - ok
00:58:36.0734 2436	BTWDNDIS        (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
00:58:36.0750 2436	BTWDNDIS - ok
00:58:36.0781 2436	btwhid          (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
00:58:36.0781 2436	btwhid - ok
00:58:36.0812 2436	BTWUSB          (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
00:58:36.0828 2436	BTWUSB - ok
00:58:36.0859 2436	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:58:37.0062 2436	cbidf2k - ok
00:58:37.0109 2436	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:58:37.0312 2436	CCDECODE - ok
00:58:37.0312 2436	cd20xrnt - ok
00:58:37.0406 2436	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:58:37.0578 2436	Cdaudio - ok
00:58:37.0625 2436	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:58:37.0828 2436	Cdfs - ok
00:58:37.0906 2436	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:58:38.0093 2436	Cdrom - ok
00:58:38.0093 2436	Changer - ok
00:58:38.0187 2436	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
00:58:38.0390 2436	CiSvc - ok
00:58:38.0390 2436	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
00:58:38.0593 2436	ClipSrv - ok
00:58:38.0671 2436	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:58:38.0718 2436	clr_optimization_v2.0.50727_32 - ok
00:58:38.0765 2436	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:58:38.0937 2436	CmBatt - ok
00:58:38.0953 2436	CmdIde - ok
00:58:38.0984 2436	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:58:39.0171 2436	Compbatt - ok
00:58:39.0187 2436	COMSysApp - ok
00:58:39.0203 2436	Cpqarray - ok
00:58:39.0250 2436	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
00:58:39.0437 2436	CryptSvc - ok
00:58:39.0453 2436	dac2w2k - ok
00:58:39.0453 2436	dac960nt - ok
00:58:39.0531 2436	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
00:58:39.0609 2436	DcomLaunch - ok
00:58:39.0671 2436	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
00:58:39.0812 2436	Dhcp - ok
00:58:39.0890 2436	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:58:40.0078 2436	Disk - ok
00:58:40.0093 2436	dmadmin - ok
00:58:40.0250 2436	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
00:58:40.0437 2436	dmboot - ok
00:58:40.0500 2436	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
00:58:40.0687 2436	dmio - ok
00:58:40.0718 2436	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:58:40.0906 2436	dmload - ok
00:58:40.0984 2436	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
00:58:41.0156 2436	dmserver - ok
00:58:41.0203 2436	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:58:41.0375 2436	DMusic - ok
00:58:41.0421 2436	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
00:58:41.0484 2436	Dnscache - ok
00:58:41.0531 2436	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
00:58:41.0703 2436	Dot3svc - ok
00:58:41.0718 2436	dpti2o - ok
00:58:41.0796 2436	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:58:42.0000 2436	drmkaud - ok
00:58:42.0078 2436	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
00:58:42.0296 2436	EapHost - ok
00:58:42.0375 2436	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
00:58:42.0578 2436	ERSvc - ok
00:58:42.0625 2436	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
00:58:42.0640 2436	Eventlog - ok
00:58:42.0671 2436	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
00:58:42.0718 2436	EventSystem - ok
00:58:42.0765 2436	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:58:42.0953 2436	Fastfat - ok
00:58:42.0984 2436	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:58:43.0031 2436	FastUserSwitchingCompatibility - ok
00:58:43.0046 2436	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:58:43.0234 2436	Fdc - ok
00:58:43.0281 2436	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
00:58:43.0468 2436	Fips - ok
00:58:43.0484 2436	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:58:43.0671 2436	Flpydisk - ok
00:58:43.0718 2436	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:58:43.0890 2436	FltMgr - ok
00:58:44.0046 2436	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:58:44.0062 2436	FontCache3.0.0.0 - ok
00:58:44.0109 2436	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:58:44.0296 2436	Fs_Rec - ok
00:58:44.0390 2436	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:58:44.0546 2436	Ftdisk - ok
00:58:44.0609 2436	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:58:44.0828 2436	Gpc - ok
00:58:44.0953 2436	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
00:58:44.0968 2436	gupdate - ok
00:58:44.0984 2436	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
00:58:45.0000 2436	gupdatem - ok
00:58:45.0046 2436	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:58:45.0218 2436	HDAudBus - ok
00:58:45.0328 2436	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:58:45.0515 2436	helpsvc - ok
00:58:45.0578 2436	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
00:58:45.0765 2436	HidServ - ok
00:58:45.0796 2436	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:58:45.0953 2436	HidUsb - ok
00:58:45.0984 2436	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
00:58:46.0156 2436	hkmsvc - ok
00:58:46.0171 2436	hpn - ok
00:58:46.0218 2436	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:58:46.0281 2436	HTTP - ok
00:58:46.0312 2436	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
00:58:46.0500 2436	HTTPFilter - ok
00:58:46.0500 2436	HWiNFO32 - ok
00:58:46.0515 2436	i2omgmt - ok
00:58:46.0515 2436	i2omp - ok
00:58:46.0593 2436	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:58:46.0765 2436	i8042prt - ok
00:58:46.0875 2436	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:58:46.0921 2436	idsvc - ok
00:58:46.0984 2436	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:58:47.0171 2436	Imapi - ok
00:58:47.0203 2436	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
00:58:47.0390 2436	ImapiService - ok
00:58:47.0390 2436	ini910u - ok
00:58:47.0781 2436	IntcAzAudAddService (e61c2662ba16c6d6e933abf45a625d55) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:58:48.0156 2436	IntcAzAudAddService - ok
00:58:48.0218 2436	IntelIde - ok
00:58:48.0265 2436	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:58:48.0453 2436	Ip6Fw - ok
00:58:48.0484 2436	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:58:48.0687 2436	IpFilterDriver - ok
00:58:48.0703 2436	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:58:48.0875 2436	IpInIp - ok
00:58:48.0906 2436	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:58:49.0078 2436	IpNat - ok
00:58:49.0125 2436	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:58:49.0328 2436	IPSec - ok
00:58:49.0390 2436	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:58:49.0468 2436	IRENUM - ok
00:58:49.0515 2436	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:58:49.0656 2436	isapnp - ok
00:58:49.0765 2436	JavaQuickStarterService (09417134f248dfceea15c72bcc87f592) C:\Programme\Java\jre6\bin\jqs.exe
00:58:49.0796 2436	JavaQuickStarterService - ok
00:58:49.0812 2436	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:58:49.0984 2436	Kbdclass - ok
00:58:50.0078 2436	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:58:50.0296 2436	kbdhid - ok
00:58:50.0406 2436	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:58:50.0578 2436	kmixer - ok
00:58:50.0640 2436	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:58:50.0718 2436	KSecDD - ok
00:58:50.0765 2436	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
00:58:50.0796 2436	LanmanServer - ok
00:58:50.0859 2436	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
00:58:50.0890 2436	lanmanworkstation - ok
00:58:50.0890 2436	lbrtfdc - ok
00:58:50.0953 2436	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
00:58:51.0140 2436	LmHosts - ok
00:58:51.0234 2436	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
00:58:51.0250 2436	McComponentHostService - ok
00:58:51.0265 2436	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
00:58:51.0468 2436	Messenger - ok
00:58:51.0515 2436	Micro Star SCM  (c0d500e27e0b858207f809c6f8b1142f) C:\Programme\System Control Manager\MSIService.exe
00:58:51.0531 2436	Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
00:58:51.0531 2436	Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
00:58:51.0562 2436	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:58:51.0718 2436	mnmdd - ok
00:58:51.0781 2436	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
00:58:51.0953 2436	mnmsrvc - ok
00:58:51.0984 2436	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
00:58:52.0156 2436	Modem - ok
00:58:52.0281 2436	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
00:58:52.0421 2436	Monfilt - ok
00:58:52.0437 2436	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:58:52.0625 2436	Mouclass - ok
00:58:52.0671 2436	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:58:52.0843 2436	mouhid - ok
00:58:52.0890 2436	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:58:53.0046 2436	MountMgr - ok
00:58:53.0125 2436	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
00:58:53.0156 2436	MozillaMaintenance - ok
00:58:53.0156 2436	mraid35x - ok
00:58:53.0187 2436	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:58:53.0343 2436	MRxDAV - ok
00:58:53.0406 2436	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:58:53.0500 2436	MRxSmb - ok
00:58:53.0546 2436	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
00:58:53.0703 2436	MSDTC - ok
00:58:53.0765 2436	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:58:53.0968 2436	Msfs - ok
00:58:53.0968 2436	MSIServer - ok
00:58:54.0093 2436	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:58:54.0250 2436	MSKSSRV - ok
00:58:54.0265 2436	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:58:54.0421 2436	MSPCLOCK - ok
00:58:54.0437 2436	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:58:54.0656 2436	MSPQM - ok
00:58:54.0687 2436	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:58:55.0000 2436	mssmbios - ok
00:58:55.0031 2436	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:58:55.0203 2436	MSTEE - ok
00:58:55.0281 2436	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:58:55.0312 2436	Mup - ok
00:58:55.0328 2436	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:58:55.0515 2436	NABTSFEC - ok
00:58:55.0593 2436	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
00:58:55.0781 2436	napagent - ok
00:58:55.0875 2436	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:58:56.0031 2436	NDIS - ok
00:58:56.0078 2436	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:58:56.0265 2436	NdisIP - ok
00:58:56.0375 2436	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:58:56.0437 2436	NdisTapi - ok
00:58:56.0468 2436	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:58:56.0640 2436	Ndisuio - ok
00:58:56.0687 2436	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:58:56.0859 2436	NdisWan - ok
00:58:56.0890 2436	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:58:56.0921 2436	NDProxy - ok
00:58:56.0937 2436	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:58:57.0093 2436	NetBIOS - ok
00:58:57.0156 2436	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:58:57.0328 2436	NetBT - ok
00:58:57.0375 2436	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
00:58:57.0562 2436	NetDDE - ok
00:58:57.0562 2436	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
00:58:57.0750 2436	NetDDEdsdm - ok
00:58:57.0781 2436	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:58:57.0953 2436	Netlogon - ok
00:58:57.0984 2436	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
00:58:58.0140 2436	Netman - ok
00:58:58.0234 2436	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:58:58.0250 2436	NetTcpPortSharing - ok
00:58:58.0312 2436	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
00:58:58.0328 2436	Nla - ok
00:58:58.0343 2436	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:58:58.0546 2436	Npfs - ok
00:58:58.0625 2436	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:58:58.0812 2436	Ntfs - ok
00:58:58.0828 2436	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:58:59.0000 2436	NtLmSsp - ok
00:58:59.0062 2436	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
00:58:59.0250 2436	NtmsSvc - ok
00:58:59.0281 2436	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:58:59.0437 2436	Null - ok
00:58:59.0468 2436	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:58:59.0625 2436	NwlnkFlt - ok
00:58:59.0656 2436	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:58:59.0828 2436	NwlnkFwd - ok
00:59:00.0015 2436	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
00:59:00.0046 2436	odserv - ok
00:59:00.0078 2436	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
00:59:00.0109 2436	ose - ok
00:59:00.0156 2436	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
00:59:00.0328 2436	Parport - ok
00:59:00.0343 2436	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:59:00.0531 2436	PartMgr - ok
00:59:00.0562 2436	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:59:00.0703 2436	ParVdm - ok
00:59:00.0734 2436	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
00:59:00.0906 2436	PCI - ok
00:59:00.0906 2436	PCIDump - ok
00:59:00.0921 2436	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:59:01.0093 2436	PCIIde - ok
00:59:01.0171 2436	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:59:01.0328 2436	Pcmcia - ok
00:59:01.0343 2436	PDCOMP - ok
00:59:01.0343 2436	PDFRAME - ok
00:59:01.0359 2436	PDRELI - ok
00:59:01.0359 2436	PDRFRAME - ok
00:59:01.0375 2436	perc2 - ok
00:59:01.0390 2436	perc2hib - ok
00:59:01.0453 2436	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
00:59:01.0484 2436	PlugPlay - ok
00:59:01.0515 2436	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:59:01.0687 2436	PolicyAgent - ok
00:59:01.0718 2436	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:59:01.0875 2436	PptpMiniport - ok
00:59:01.0953 2436	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
00:59:02.0109 2436	Processor - ok
00:59:02.0125 2436	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:59:02.0296 2436	ProtectedStorage - ok
00:59:02.0343 2436	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\WINDOWS\system32\PSIService.exe
00:59:02.0359 2436	ProtexisLicensing - ok
00:59:02.0375 2436	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:59:02.0546 2436	PSched - ok
00:59:02.0578 2436	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:59:02.0765 2436	Ptilink - ok
00:59:02.0781 2436	PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:59:02.0796 2436	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:59:02.0796 2436	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:59:02.0812 2436	ql1080 - ok
00:59:02.0812 2436	Ql10wnt - ok
00:59:02.0828 2436	ql12160 - ok
00:59:02.0843 2436	ql1240 - ok
00:59:02.0843 2436	ql1280 - ok
00:59:02.0875 2436	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:59:03.0046 2436	RasAcd - ok
00:59:03.0078 2436	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
00:59:03.0234 2436	RasAuto - ok
00:59:03.0281 2436	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:59:03.0421 2436	Rasl2tp - ok
00:59:03.0437 2436	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
00:59:03.0609 2436	RasMan - ok
00:59:03.0625 2436	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:59:03.0796 2436	RasPppoe - ok
00:59:03.0843 2436	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:59:04.0015 2436	Raspti - ok
00:59:04.0046 2436	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:59:04.0187 2436	Rdbss - ok
00:59:04.0203 2436	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:59:04.0375 2436	RDPCDD - ok
00:59:04.0468 2436	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
00:59:04.0484 2436	RDPWD - ok
00:59:04.0531 2436	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
00:59:04.0703 2436	RDSessMgr - ok
00:59:04.0734 2436	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:59:04.0890 2436	redbook - ok
00:59:04.0984 2436	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
00:59:05.0171 2436	RemoteAccess - ok
00:59:05.0343 2436	RichVideo       (06a49b7bdc36cfbf97dd90804f833369) C:\Programme\Cyberlink\Shared files\RichVideo.exe
00:59:05.0359 2436	RichVideo - ok
00:59:05.0390 2436	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
00:59:05.0546 2436	RpcLocator - ok
00:59:05.0593 2436	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
00:59:05.0656 2436	RpcSs - ok
00:59:05.0671 2436	RSUSBSTOR - ok
00:59:05.0718 2436	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
00:59:05.0906 2436	RSVP - ok
00:59:06.0156 2436	RTHDMIAzAudService (574916c897459dac8eea37bab503b48f) C:\WINDOWS\system32\drivers\RtKHDMI.sys
00:59:06.0375 2436	RTHDMIAzAudService - ok
00:59:06.0484 2436	RTL8192se       (4b656a5401b6a1a48c34b1759111f5b9) C:\WINDOWS\system32\DRIVERS\rtl8192se.sys
00:59:06.0546 2436	RTL8192se - ok
00:59:06.0593 2436	RTLE8023xp      (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:59:06.0640 2436	RTLE8023xp - ok
00:59:06.0640 2436	RtsUIR - ok
00:59:06.0687 2436	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:59:06.0859 2436	SamSs - ok
00:59:06.0968 2436	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
00:59:07.0156 2436	SCardSvr - ok
00:59:07.0265 2436	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
00:59:07.0421 2436	Schedule - ok
00:59:07.0437 2436	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:59:07.0500 2436	Secdrv - ok
00:59:07.0546 2436	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
00:59:07.0703 2436	seclogon - ok
00:59:07.0718 2436	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
00:59:07.0859 2436	SENS - ok
00:59:07.0953 2436	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
00:59:08.0109 2436	Serial - ok
00:59:08.0156 2436	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:59:08.0328 2436	Sfloppy - ok
00:59:08.0390 2436	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
00:59:08.0546 2436	SharedAccess - ok
00:59:08.0671 2436	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:59:08.0687 2436	ShellHWDetection - ok
00:59:08.0687 2436	Simbad - ok
00:59:08.0734 2436	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:59:08.0906 2436	SLIP - ok
00:59:08.0921 2436	Sparrow - ok
00:59:08.0937 2436	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:59:09.0093 2436	splitter - ok
00:59:09.0140 2436	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:59:09.0171 2436	Spooler - ok
00:59:09.0218 2436	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
00:59:09.0312 2436	sr - ok
00:59:09.0343 2436	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
00:59:09.0406 2436	srservice - ok
00:59:09.0468 2436	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:59:09.0546 2436	Srv - ok
00:59:09.0593 2436	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
00:59:09.0671 2436	SSDPSRV - ok
00:59:09.0718 2436	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:59:09.0734 2436	ssmdrv - ok
00:59:09.0765 2436	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
00:59:09.0953 2436	stisvc - ok
00:59:10.0062 2436	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:59:10.0265 2436	streamip - ok
00:59:10.0359 2436	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:59:10.0515 2436	swenum - ok
00:59:10.0531 2436	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:59:10.0718 2436	swmidi - ok
00:59:10.0718 2436	SwPrv - ok
00:59:10.0734 2436	symc810 - ok
00:59:10.0750 2436	symc8xx - ok
00:59:10.0750 2436	sym_hi - ok
00:59:10.0765 2436	sym_u3 - ok
00:59:10.0828 2436	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:59:11.0000 2436	sysaudio - ok
00:59:11.0031 2436	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
00:59:11.0187 2436	SysmonLog - ok
00:59:11.0234 2436	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
00:59:11.0406 2436	TapiSrv - ok
00:59:11.0437 2436	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:59:11.0468 2436	Tcpip - ok
00:59:11.0515 2436	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:59:11.0671 2436	TDPIPE - ok
00:59:11.0703 2436	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:59:11.0859 2436	TDTCP - ok
00:59:11.0937 2436	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:59:12.0093 2436	TermDD - ok
00:59:12.0140 2436	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
00:59:12.0296 2436	TermService - ok
00:59:12.0343 2436	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:59:12.0359 2436	Themes - ok
00:59:12.0359 2436	TosIde - ok
00:59:12.0406 2436	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
00:59:12.0578 2436	TrkWks - ok
00:59:12.0656 2436	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:59:12.0812 2436	Udfs - ok
00:59:12.0828 2436	ultra - ok
00:59:12.0875 2436	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:59:13.0031 2436	Update - ok
00:59:13.0046 2436	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
00:59:13.0140 2436	upnphost - ok
00:59:13.0156 2436	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
00:59:13.0312 2436	UPS - ok
00:59:13.0359 2436	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:59:13.0515 2436	usbccgp - ok
00:59:13.0531 2436	USBCCID - ok
00:59:13.0546 2436	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:59:13.0718 2436	usbehci - ok
00:59:13.0734 2436	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:59:13.0906 2436	usbhub - ok
00:59:13.0921 2436	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:59:14.0062 2436	usbohci - ok
00:59:14.0078 2436	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:59:14.0296 2436	usbstor - ok
00:59:14.0296 2436	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:59:14.0453 2436	usbvideo - ok
00:59:14.0484 2436	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:59:14.0656 2436	VgaSave - ok
00:59:14.0671 2436	ViaIde - ok
00:59:14.0703 2436	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
00:59:14.0859 2436	VolSnap - ok
00:59:14.0968 2436	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
00:59:15.0031 2436	VSS - ok
00:59:15.0078 2436	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
00:59:15.0250 2436	W32Time - ok
00:59:15.0343 2436	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:59:15.0515 2436	Wanarp - ok
00:59:15.0593 2436	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:59:15.0625 2436	Wdf01000 - ok
00:59:15.0640 2436	WDICA - ok
00:59:15.0687 2436	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:59:15.0828 2436	wdmaud - ok
00:59:15.0937 2436	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
00:59:16.0109 2436	WebClient - ok
00:59:16.0203 2436	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:59:16.0343 2436	winmgmt - ok
00:59:16.0437 2436	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:59:16.0468 2436	WmdmPmSN - ok
00:59:16.0500 2436	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:59:16.0656 2436	WmiAcpi - ok
00:59:16.0687 2436	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:59:16.0859 2436	WmiApSrv - ok
00:59:17.0062 2436	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
00:59:17.0140 2436	WMPNetworkSvc - ok
00:59:17.0171 2436	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:59:17.0359 2436	WS2IFSL - ok
00:59:17.0468 2436	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
00:59:17.0640 2436	wscsvc - ok
00:59:17.0671 2436	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:59:17.0828 2436	WSTCODEC - ok
00:59:17.0937 2436	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
00:59:18.0093 2436	wuauserv - ok
00:59:18.0125 2436	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:59:18.0187 2436	WudfPf - ok
00:59:18.0203 2436	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:59:18.0218 2436	WudfRd - ok
00:59:18.0250 2436	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:59:18.0281 2436	WudfSvc - ok
00:59:18.0343 2436	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
00:59:18.0515 2436	WZCSVC - ok
00:59:18.0578 2436	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
00:59:18.0750 2436	xmlprov - ok
00:59:18.0828 2436	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
00:59:19.0390 2436	\Device\Harddisk0\DR0 - ok
00:59:19.0390 2436	Boot (0x1200)   (6262c9a8a58c438db98c2a2d01e7c2ad) \Device\Harddisk0\DR0\Partition0
00:59:19.0390 2436	\Device\Harddisk0\DR0\Partition0 - ok
00:59:19.0421 2436	Boot (0x1200)   (e89f2cd2f4ed98228334f56b2b90b2f9) \Device\Harddisk0\DR0\Partition1
00:59:19.0421 2436	\Device\Harddisk0\DR0\Partition1 - ok
00:59:19.0421 2436	============================================================
00:59:19.0421 2436	Scan finished
00:59:19.0421 2436	============================================================
00:59:19.0578 2884	Detected object count: 2
00:59:19.0578 2884	Actual detected object count: 2
00:59:40.0328 2884	Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
00:59:40.0328 2884	Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:59:40.0328 2884	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:59:40.0328 2884	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 08.06.2012, 09:24

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Ela41 · 10.06.2012, 12:20

ComboFix Log

Code:

ATTFilter

ComboFix 12-06-09.02 - Gabi 10.06.2012  13:07:32.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.895.447 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Gabi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\dokumente und einstellungen\Gabi\Anwendungsdaten\Help\coredb\storage
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-10 bis 2012-06-10  ))))))))))))))))))))))))))))))
.
.
2012-06-07 21:04 . 2012-06-07 21:04	--------	d-----w-	C:\_OTL
2012-05-31 19:12 . 2012-05-31 19:12	--------	d-----w-	c:\programme\ESET
2012-05-31 17:58 . 2012-05-31 17:58	--------	d-----w-	c:\dokumente und einstellungen\Gabi\Anwendungsdaten\Malwarebytes
2012-05-31 17:57 . 2012-05-31 17:57	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-05-31 17:57 . 2012-05-31 17:58	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-05-31 17:57 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-29 18:48 . 2012-05-29 18:48	--------	d-----w-	c:\windows\system32\NtmsData
2012-05-13 19:35 . 2012-05-13 19:35	--------	d-----w-	c:\dokumente und einstellungen\Gabi\Anwendungsdaten\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-04-14 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-05 21:31 . 2012-05-05 21:31	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 21:31 . 2012-03-03 11:21	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2008-04-14 07:30	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2008-04-14 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2008-04-14 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-28 08:03 . 2012-02-21 18:19	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"MGSysCtrl"="c:\programme\System Control Manager\MGSysCtrl.exe" [2009-05-25 2048000]
"UCam_Menu"="c:\programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"RemoteControl8"="c:\programme\HomeCinema\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\programme\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-01-05 413696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Gabi\Startmenü\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.06.2011 00:08 136360]
R2 BBUpdate;BBUpdate;c:\programme\Microsoft\BingBar\SeaPort.EXE [13.10.2011 18:21 249648]
R2 Micro Star SCM;Micro Star SCM;c:\programme\System Control Manager\MSIService.exe [25.05.2009 14:21 159744]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [24.05.2009 14:27 548992]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\e:\hwinfo32\HWiNFO32.SYS --> e:\hwinfo32\HWiNFO32.SYS [?]
S2 BBSvc;Bing Bar Update Service;c:\programme\Microsoft\BingBar\BBSvc.EXE [21.10.2011 16:23 196176]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.06.2011 00:24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.05.2012 23:31 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.05.2009 14:07 1684736]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [29.06.2011 00:24 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [28.04.2012 10:03 129976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 21:31]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-28 22:24]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-28 22:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Gabi\Anwendungsdaten\Mozilla\Firefox\Profiles\gprjhw5m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\programme\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-10 13:13
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-06-10  13:15:40
ComboFix-quarantined-files.txt  2012-06-10 11:15
.
Vor Suchlauf: 6 Verzeichnis(se), 125.749.518.336 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 126.123.925.504 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BC961F108CA83649F709634B4FD14BD4

01.06.2012, 12:54	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spamhaus Virus, "IP adress was blocked", einige Internetseiten blockiert Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

02.06.2012, 18:30	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spamhaus Virus, "IP adress was blocked", einige Internetseiten blockiert Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> Spamhaus Virus, "IP adress was blocked", einige Internetseiten blockiert

Spamhaus Virus, "IP adress was blocked", einige Internetseiten blockiert

Log-Analyse und Auswertung: Spamhaus Virus, "IP adress was blocked", einige Internetseiten blockiert