|
Plagegeister aller Art und deren Bekämpfung: GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit PasswortWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.06.2012, 13:39 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
27.06.2012, 14:54 | #17 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort codeOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 27.06.2012 15:39:56 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,23 Mb Total Physical Memory | 607,14 Mb Available Physical Memory | 67,82% Memory free 2,12 Gb Paging File | 1,77 Gb Available in Paging File | 83,73% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 146,48 Gb Total Space | 97,57 Gb Free Space | 66,61% Space Free | Partition Type: NTFS Drive D: | 86,39 Gb Total Space | 66,85 Gb Free Space | 77,38% Space Free | Partition Type: NTFS Computer Name: BENUTZER-0D266D | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.27 15:36:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\24960-OTL.exe PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2011.07.11 17:14:11 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.07.04 19:52:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.02 13:09:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.18 13:05:29 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe ========== Modules (No Company Name) ========== MOD - [2011.07.11 17:14:22 | 001,640,216 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Resources.dll MOD - [2011.07.11 17:14:21 | 000,256,424 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.09.11 00:00:05 | 000,168,960 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\unrar.dll MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv) SRV - File not found [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.26 18:14:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.23 09:57:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\DaSi\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.07.11 17:14:11 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.07.04 19:52:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.02 13:09:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.07.04 19:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.04 19:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.01 10:42:41 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.02.22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008.02.22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008.02.22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007.11.27 21:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.12.28 01:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.12.28 01:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689 IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.28 19:56:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.18 13:06:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.29 21:18:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.26 18:14:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.16 16:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.04.21 17:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.29 21:18:30 | 000,000,000 | ---D | M] [2010.08.19 17:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2010.08.19 17:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.27 11:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions [2010.12.15 11:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.19 17:19:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.16 16:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\nostmp [2011.12.20 21:02:04 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\11-suche.xml [2011.12.20 21:02:05 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\englische-ergebnisse.xml [2011.12.20 21:02:04 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\gmx-suche.xml [2011.12.20 21:02:05 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\lastminute.xml [2011.12.20 21:02:04 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\webde-suche.xml [2011.12.30 20:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.17 19:44:41 | 000,576,958 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.08.25 21:31:36 | 000,011,510 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2012.06.27 11:53:50 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2012.06.27 11:53:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF [2012.06.26 18:14:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.02.24 10:11:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.26 18:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.26 18:14:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.26 18:14:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 18:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 18:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 18:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\ShellBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: [] File not found O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: [C0mDiXEtF1yrWmk] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe File not found O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe () O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O15 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03B83AC8-B816-453B-9332-9490C6F45E94}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: UserInit - (C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe) - File not found O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.04 14:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell - "" = AutoRun O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - File not found MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: Skype - hkey= - key= - D:\DaSi\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 11:53:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings [2012.06.27 11:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2012.06.27 11:53:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.26 21:32:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\netgear daten fritz box-Dateien [2012.06.26 18:53:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Besitzer\Recent [2012.06.26 18:17:53 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.06.26 11:35:17 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.06.25 22:37:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.25 22:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.25 22:37:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.25 22:37:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.21 11:38:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\LG Fernseher-Dateien [2012.06.14 15:21:00 | 000,000,000 | ---D | C] -- C:\Picasa-Datensicherung [2012.06.05 15:56:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.05.30 15:36:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe hummel-Dateien [2012.05.30 15:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe-Dateien [2012.05.30 14:56:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Restaurierungsbedarf für Möbel • Basket • Basket-Dateien [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.27 14:57:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.27 11:47:48 | 000,191,655 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.06.27 11:47:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job [2012.06.27 11:47:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.26 21:32:38 | 000,001,712 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\netgear daten fritz box.htm [2012.06.26 18:17:56 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.06.26 16:03:19 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Skype.lnk [2012.06.25 22:37:57 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.25 22:33:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.25 22:28:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.25 17:14:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.06.21 11:38:38 | 000,468,120 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\LG Fernseher.htm [2012.06.14 15:50:36 | 000,000,071 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\.picasa.ini [2012.06.05 00:42:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.05.30 15:36:35 | 000,014,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe hummel.htm [2012.05.30 15:22:26 | 000,038,549 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe.htm [2012.05.30 14:56:20 | 000,046,176 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Restaurierungsbedarf für Möbel • Basket • Basket.htm [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.26 21:32:37 | 000,001,712 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\netgear daten fritz box.htm [2012.06.26 18:17:56 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.06.25 22:37:57 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.25 22:28:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.21 11:38:36 | 000,468,120 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\LG Fernseher.htm [2012.06.14 15:50:36 | 000,000,071 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\.picasa.ini [2012.05.30 15:36:34 | 000,014,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe hummel.htm [2012.05.30 15:13:32 | 000,038,549 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe.htm [2012.05.30 14:56:18 | 000,046,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Restaurierungsbedarf für Möbel • Basket • Basket.htm [2011.08.10 16:00:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.05.02 18:21:22 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll ========== LOP Check ========== [2012.06.06 16:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search [2012.04.06 11:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.08.19 12:04:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.02.21 20:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2011.01.28 14:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound [2012.01.29 21:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2011.09.07 14:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.02.28 19:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.07.22 11:00:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2010.05.06 16:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800} [2012.05.30 20:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\BOM [2012.01.19 17:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoft [2012.01.19 17:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.04.06 11:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\elsterformular [2011.03.30 23:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GetRightToGo [2011.01.28 14:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NCH Swift Sound [2012.03.19 20:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia [2011.08.19 12:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia Ovi Suite [2011.02.28 20:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite [2011.03.30 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix [2011.08.10 16:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge [2012.06.26 21:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong [2010.02.17 20:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Samsung [2012.06.27 11:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings [2010.08.19 17:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird [2011.03.30 23:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue [2009.02.04 16:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Desktop Search [2009.02.26 19:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Search [2012.06.19 20:10:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\BOM [2012.06.21 20:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\elsterformular [2012.06.16 17:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Nokia [2012.06.16 17:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\PC Suite [2012.01.12 16:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Search Settings [2010.12.31 14:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Thunderbird [2009.08.19 23:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Windows Desktop Search [2011.01.01 17:23:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Windows Search [2012.06.25 22:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings [2012.06.25 17:14:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011.04.13 19:22:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job [2012.01.18 19:25:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job [2012.01.18 19:25:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.05.27 13:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe [2009.02.08 14:28:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ahead [2011.03.01 18:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Avira [2010.01.31 18:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVS4YOU [2012.05.30 20:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\BOM [2009.02.09 20:07:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CyberLink [2012.01.19 17:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoft [2012.01.19 17:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.04.06 11:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\elsterformular [2011.03.30 23:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GetRightToGo [2010.02.14 16:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help [2009.02.04 14:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities [2009.02.04 20:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia [2011.06.24 14:45:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft [2009.02.17 19:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft Web Folders [2009.02.10 16:53:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla [2011.01.28 14:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NCH Swift Sound [2012.03.19 20:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia [2011.08.19 12:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia Ovi Suite [2011.02.28 20:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite [2011.03.30 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix [2011.08.10 16:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge [2012.06.26 21:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong [2012.05.22 21:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real [2010.02.17 20:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Samsung [2012.06.27 11:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings [2012.06.26 18:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype [2011.10.10 16:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\skypePM [2011.02.24 10:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun [2009.02.10 16:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Talkback [2010.08.19 17:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird [2011.03.30 23:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue [2009.02.04 16:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Desktop Search [2009.02.26 19:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Search < %APPDATA%\*.exe /s > [2012.04.06 11:10:05 | 049,279,952 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\elsterformular\update\ElsterFormular_update-12_3_2_6814k.exe [2010.09.01 15:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe [2011.03.18 13:01:30 | 000,514,216 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\RealPlayer\setup\AU_setup20101108.exe [2012.06.26 15:53:52 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2012.06.04 16:39:12 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe [2012.06.04 16:34:12 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.02.04 15:23:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.02.04 15:23:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.02.04 15:23:15 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > /code |
28.06.2012, 09:48 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found [2012.04.17 19:44:41 | 000,576,958 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.27 11:53:50 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2012.06.27 11:53:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\ShellBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: [] File not found O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: [C0mDiXEtF1yrWmk] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe File not found O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe () O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: UserInit - (C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.04 14:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell - "" = AutoRun O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= - File not found [2012.06.27 11:53:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings [2012.06.27 11:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2012.06.26 21:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong [2011.03.30 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix [2011.03.30 23:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue [2012.06.25 22:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings [2012.06.25 17:14:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011.04.13 19:22:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job [2012.01.18 19:25:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job [2012.01.18 19:25:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job :Files C:\Programme\Gemeinsame Dateien\Spigot C:\Programme\Application Updater :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
28.06.2012, 11:43 | #19 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully. C:\Programme\Freeware.de\prxtbFre2.dll moved successfully. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll moved successfully. Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from keyword.URL File C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI not found. C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components folder moved successfully. C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\chrome\content folder moved successfully. C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\chrome folder moved successfully. C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM folder moved successfully. C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome folder moved successfully. C:\PROGRAMME\PDFFORGE TOOLBAR\FF folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found. File C:\Programme\Freeware.de\prxtbFre2.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found. File C:\Programme\Freeware.de\prxtbFre2.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll not found. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found. File C:\Programme\Freeware.de\prxtbFre2.dll not found. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found. File C:\Programme\Freeware.de\prxtbFre2.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AutoLaunch deleted successfully. C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe moved successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AutoLaunch not found. File C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe not found. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk moved successfully. C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found. Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found. File F:\NokiaPCIA_Autorun.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ZoneAlarm Client\ deleted successfully. Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings\ not found. C:\Programme\Application Updater folder moved successfully. C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully. C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully. C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully. C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully. C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully. C:\Programme\pdfforge Toolbar\Res folder moved successfully. C:\Programme\pdfforge Toolbar\IE\5.9 folder moved successfully. C:\Programme\pdfforge Toolbar\IE folder moved successfully. C:\Programme\pdfforge Toolbar folder moved successfully. Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\ not found. Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix\ not found. Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue\ not found. C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings\temp folder moved successfully. C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings\res folder moved successfully. C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings folder moved successfully. C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job moved successfully. C:\WINDOWS\Tasks\doxillionShakeIcon.job moved successfully. C:\WINDOWS\Tasks\switchDowngrade.job moved successfully. C:\WINDOWS\Tasks\switchShakeIcon.job moved successfully. ========== FILES ========== File\Folder C:\Programme\Gemeinsame Dateien\Spigot not found. File\Folder C:\Programme\Application Updater not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 5944974 bytes User: All Users User: Besitzer User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gast ->Temp folder emptied: 27087374 bytes ->Temporary Internet Files folder emptied: 4116522 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 1119395800 bytes ->Flash cache emptied: 5944 bytes User: Handy Karte 8.11 User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Troja ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 69149846 bytes ->Flash cache emptied: 492 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 17184701 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6428300 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.192,00 mb [EMPTYFLASH] User: Administrator User: All Users User: Besitzer User: Default User User: Gast ->Flash cache emptied: 0 bytes User: Handy Karte 8.11 User: LocalService User: NetworkService User: Troja ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.43.1 log created on 06282012_122842 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
28.06.2012, 13:45 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
28.06.2012, 17:51 | #21 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort 18:45:57.0546 1876 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 18:45:57.0875 1876 ============================================================ 18:45:57.0875 1876 Current date / time: 2012/06/28 18:45:57.0875 18:45:57.0875 1876 SystemInfo: 18:45:57.0875 1876 18:45:57.0875 1876 OS Version: 5.1.2600 ServicePack: 3.0 18:45:57.0875 1876 Product type: Workstation 18:45:57.0875 1876 ComputerName: BENUTZER-0D266D 18:45:57.0875 1876 UserName: Troja 18:45:57.0875 1876 Windows directory: C:\WINDOWS 18:45:57.0875 1876 System windows directory: C:\WINDOWS 18:45:57.0875 1876 Processor architecture: Intel x86 18:45:57.0875 1876 Number of processors: 2 18:45:57.0875 1876 Page size: 0x1000 18:45:57.0875 1876 Boot type: Normal boot 18:45:57.0875 1876 ============================================================ 18:46:00.0062 1876 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 18:46:00.0062 1876 ============================================================ 18:46:00.0062 1876 \Device\Harddisk0\DR0: 18:46:00.0062 1876 MBR partitions: 18:46:00.0062 1876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3 18:46:00.0078 1876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0xACC9A4F 18:46:00.0078 1876 ============================================================ 18:46:00.0140 1876 D: <-> \Device\Harddisk0\DR0\Partition1 18:46:00.0156 1876 C: <-> \Device\Harddisk0\DR0\Partition0 18:46:00.0156 1876 ============================================================ 18:46:00.0156 1876 Initialize success 18:46:00.0156 1876 ============================================================ 18:48:24.0062 3816 ============================================================ 18:48:24.0062 3816 Scan started 18:48:24.0062 3816 Mode: Manual; SigCheck; TDLFS; 18:48:24.0062 3816 ============================================================ 18:48:24.0218 3816 Abiosdsk - ok 18:48:24.0234 3816 abp480n5 - ok 18:48:24.0281 3816 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:48:25.0000 3816 ACPI - ok 18:48:25.0046 3816 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 18:48:25.0156 3816 ACPIEC - ok 18:48:25.0234 3816 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 18:48:25.0265 3816 AdobeFlashPlayerUpdateSvc - ok 18:48:25.0265 3816 adpu160m - ok 18:48:25.0312 3816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 18:48:25.0437 3816 aec - ok 18:48:25.0484 3816 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 18:48:25.0578 3816 AFD - ok 18:48:25.0593 3816 Aha154x - ok 18:48:25.0593 3816 aic78u2 - ok 18:48:25.0609 3816 aic78xx - ok 18:48:25.0640 3816 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 18:48:25.0750 3816 Alerter - ok 18:48:25.0765 3816 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 18:48:25.0875 3816 ALG - ok 18:48:25.0875 3816 AliIde - ok 18:48:25.0937 3816 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 18:48:25.0968 3816 AmdPPM - ok 18:48:25.0984 3816 amsint - ok 18:48:26.0062 3816 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe 18:48:26.0078 3816 AntiVirSchedulerService - ok 18:48:26.0093 3816 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe 18:48:26.0125 3816 AntiVirService - ok 18:48:26.0125 3816 Application Updater - ok 18:48:26.0125 3816 AppMgmt - ok 18:48:26.0140 3816 asc - ok 18:48:26.0156 3816 asc3350p - ok 18:48:26.0156 3816 asc3550 - ok 18:48:26.0234 3816 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 18:48:26.0250 3816 aspnet_state - ok 18:48:26.0281 3816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:48:26.0406 3816 AsyncMac - ok 18:48:26.0421 3816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:48:26.0531 3816 atapi - ok 18:48:26.0546 3816 Atdisk - ok 18:48:26.0562 3816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:48:26.0671 3816 Atmarpc - ok 18:48:26.0703 3816 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 18:48:26.0828 3816 AudioSrv - ok 18:48:26.0859 3816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:48:26.0984 3816 audstub - ok 18:48:27.0000 3816 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 18:48:27.0000 3816 avgio - ok 18:48:27.0046 3816 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 18:48:27.0078 3816 avgntflt - ok 18:48:27.0078 3816 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 18:48:27.0093 3816 avipbb - ok 18:48:27.0125 3816 AVM IGD CTRL Service - ok 18:48:27.0171 3816 AVM WLAN Connection Service (9bd46c1d2f33a890b7226edf543f18aa) C:\Programme\avmwlanstick\WlanNetService.exe 18:48:27.0218 3816 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning 18:48:27.0218 3816 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1) 18:48:27.0250 3816 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys 18:48:27.0281 3816 avmeject ( UnsignedFile.Multi.Generic ) - warning 18:48:27.0281 3816 avmeject - detected UnsignedFile.Multi.Generic (1) 18:48:27.0312 3816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 18:48:27.0468 3816 Beep - ok 18:48:27.0515 3816 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 18:48:27.0671 3816 BITS - ok 18:48:27.0703 3816 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 18:48:27.0828 3816 Browser - ok 18:48:27.0843 3816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 18:48:28.0000 3816 cbidf2k - ok 18:48:28.0015 3816 cd20xrnt - ok 18:48:28.0046 3816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 18:48:28.0187 3816 Cdaudio - ok 18:48:28.0234 3816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 18:48:28.0328 3816 Cdfs - ok 18:48:28.0359 3816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:48:28.0468 3816 Cdrom - ok 18:48:28.0468 3816 Changer - ok 18:48:28.0500 3816 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 18:48:28.0625 3816 CiSvc - ok 18:48:28.0656 3816 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 18:48:28.0765 3816 ClipSrv - ok 18:48:28.0828 3816 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:48:28.0843 3816 clr_optimization_v2.0.50727_32 - ok 18:48:28.0859 3816 CmdIde - ok 18:48:28.0859 3816 COMSysApp - ok 18:48:28.0875 3816 Cpqarray - ok 18:48:28.0921 3816 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 18:48:29.0031 3816 CryptSvc - ok 18:48:29.0031 3816 dac2w2k - ok 18:48:29.0046 3816 dac960nt - ok 18:48:29.0093 3816 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 18:48:29.0218 3816 DcomLaunch - ok 18:48:29.0265 3816 de_serv - ok 18:48:29.0312 3816 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 18:48:29.0421 3816 Dhcp - ok 18:48:29.0437 3816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 18:48:29.0546 3816 Disk - ok 18:48:29.0546 3816 dmadmin - ok 18:48:29.0593 3816 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 18:48:29.0781 3816 dmboot - ok 18:48:29.0812 3816 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 18:48:29.0937 3816 dmio - ok 18:48:29.0968 3816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 18:48:30.0093 3816 dmload - ok 18:48:30.0125 3816 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 18:48:30.0218 3816 dmserver - ok 18:48:30.0250 3816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 18:48:30.0359 3816 DMusic - ok 18:48:30.0390 3816 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 18:48:30.0421 3816 Dnscache - ok 18:48:30.0453 3816 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 18:48:30.0546 3816 Dot3svc - ok 18:48:30.0562 3816 dpti2o - ok 18:48:30.0593 3816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 18:48:30.0703 3816 drmkaud - ok 18:48:30.0750 3816 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 18:48:30.0843 3816 EapHost - ok 18:48:30.0890 3816 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 18:48:31.0000 3816 ERSvc - ok 18:48:31.0031 3816 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 18:48:31.0062 3816 Eventlog - ok 18:48:31.0109 3816 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 18:48:31.0187 3816 EventSystem - ok 18:48:31.0218 3816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 18:48:31.0343 3816 Fastfat - ok 18:48:31.0375 3816 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 18:48:31.0421 3816 FastUserSwitchingCompatibility - ok 18:48:31.0453 3816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 18:48:31.0546 3816 Fdc - ok 18:48:31.0562 3816 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 18:48:31.0671 3816 Fips - ok 18:48:31.0718 3816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 18:48:31.0828 3816 Flpydisk - ok 18:48:31.0859 3816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 18:48:31.0968 3816 FltMgr - ok 18:48:32.0062 3816 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 18:48:32.0078 3816 FontCache3.0.0.0 - ok 18:48:32.0109 3816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:48:32.0265 3816 Fs_Rec - ok 18:48:32.0281 3816 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:48:32.0437 3816 Ftdisk - ok 18:48:32.0468 3816 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 18:48:32.0500 3816 FWLANUSB - ok 18:48:32.0546 3816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:48:32.0640 3816 Gpc - ok 18:48:32.0703 3816 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 18:48:32.0718 3816 gusvc - ok 18:48:32.0750 3816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 18:48:32.0859 3816 HDAudBus - ok 18:48:32.0921 3816 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 18:48:33.0015 3816 helpsvc - ok 18:48:33.0031 3816 HidServ - ok 18:48:33.0062 3816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:48:33.0171 3816 hidusb - ok 18:48:33.0218 3816 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 18:48:33.0312 3816 hkmsvc - ok 18:48:33.0312 3816 hpn - ok 18:48:33.0359 3816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 18:48:33.0406 3816 HTTP - ok 18:48:33.0437 3816 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 18:48:33.0546 3816 HTTPFilter - ok 18:48:33.0562 3816 i2omgmt - ok 18:48:33.0562 3816 i2omp - ok 18:48:33.0609 3816 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:48:33.0718 3816 i8042prt - ok 18:48:33.0781 3816 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:48:33.0843 3816 idsvc - ok 18:48:33.0875 3816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:48:33.0984 3816 Imapi - ok 18:48:34.0015 3816 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 18:48:34.0125 3816 ImapiService - ok 18:48:34.0140 3816 ini910u - ok 18:48:34.0296 3816 IntcAzAudAddService (8cd7f3fb0b2418af79914adb1e265184) C:\WINDOWS\system32\drivers\RtkHDAud.sys 18:48:34.0578 3816 IntcAzAudAddService - ok 18:48:34.0625 3816 IntelIde - ok 18:48:34.0656 3816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 18:48:34.0781 3816 Ip6Fw - ok 18:48:34.0812 3816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:48:34.0953 3816 IpFilterDriver - ok 18:48:34.0984 3816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:48:35.0093 3816 IpInIp - ok 18:48:35.0109 3816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:48:35.0218 3816 IpNat - ok 18:48:35.0250 3816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:48:35.0359 3816 IPSec - ok 18:48:35.0375 3816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:48:35.0484 3816 IRENUM - ok 18:48:35.0515 3816 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:48:35.0609 3816 isapnp - ok 18:48:35.0765 3816 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Programme\Java\jre6\bin\jqs.exe 18:48:35.0781 3816 JavaQuickStarterService - ok 18:48:35.0796 3816 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:48:35.0906 3816 Kbdclass - ok 18:48:35.0937 3816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 18:48:36.0046 3816 kmixer - ok 18:48:36.0093 3816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 18:48:36.0156 3816 KSecDD - ok 18:48:36.0187 3816 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 18:48:36.0234 3816 lanmanserver - ok 18:48:36.0281 3816 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 18:48:36.0328 3816 lanmanworkstation - ok 18:48:36.0421 3816 Lavasoft Ad-Aware Service (193146149076b331c008c1c0af6fa5b9) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 18:48:36.0484 3816 Lavasoft Ad-Aware Service - ok 18:48:36.0515 3816 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys 18:48:36.0531 3816 Lbd - ok 18:48:36.0531 3816 lbrtfdc - ok 18:48:36.0593 3816 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 18:48:36.0703 3816 LmHosts - ok 18:48:36.0781 3816 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe 18:48:36.0812 3816 McComponentHostService - ok 18:48:36.0843 3816 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 18:48:36.0953 3816 Messenger - ok 18:48:37.0062 3816 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 18:48:37.0062 3816 Microsoft Office Groove Audit Service - ok 18:48:37.0093 3816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:48:37.0250 3816 mnmdd - ok 18:48:37.0281 3816 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 18:48:37.0390 3816 mnmsrvc - ok 18:48:37.0421 3816 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 18:48:37.0531 3816 Modem - ok 18:48:37.0562 3816 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:48:37.0671 3816 Mouclass - ok 18:48:37.0703 3816 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:48:37.0843 3816 mouhid - ok 18:48:37.0859 3816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 18:48:37.0953 3816 MountMgr - ok 18:48:38.0000 3816 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 18:48:38.0015 3816 MozillaMaintenance - ok 18:48:38.0015 3816 mraid35x - ok 18:48:38.0046 3816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:48:38.0156 3816 MRxDAV - ok 18:48:38.0203 3816 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:48:38.0265 3816 MRxSmb - ok 18:48:38.0296 3816 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 18:48:38.0406 3816 MSDTC - ok 18:48:38.0437 3816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 18:48:38.0546 3816 Msfs - ok 18:48:38.0562 3816 MSIServer - ok 18:48:38.0593 3816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:48:38.0687 3816 MSKSSRV - ok 18:48:38.0703 3816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:48:38.0812 3816 MSPCLOCK - ok 18:48:38.0843 3816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 18:48:38.0937 3816 MSPQM - ok 18:48:38.0968 3816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:48:39.0062 3816 mssmbios - ok 18:48:39.0109 3816 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 18:48:39.0203 3816 Mup - ok 18:48:39.0250 3816 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 18:48:39.0390 3816 napagent - ok 18:48:39.0421 3816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 18:48:39.0515 3816 NDIS - ok 18:48:39.0546 3816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:48:39.0656 3816 NdisTapi - ok 18:48:39.0671 3816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:48:39.0781 3816 Ndisuio - ok 18:48:39.0796 3816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:48:39.0890 3816 NdisWan - ok 18:48:39.0937 3816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 18:48:39.0968 3816 NDProxy - ok 18:48:40.0000 3816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:48:40.0109 3816 NetBIOS - ok 18:48:40.0125 3816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:48:40.0218 3816 NetBT - ok 18:48:40.0281 3816 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 18:48:40.0375 3816 NetDDE - ok 18:48:40.0390 3816 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 18:48:40.0484 3816 NetDDEdsdm - ok 18:48:40.0515 3816 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 18:48:40.0609 3816 Netlogon - ok 18:48:40.0625 3816 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 18:48:40.0750 3816 Netman - ok 18:48:40.0843 3816 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:48:40.0859 3816 NetTcpPortSharing - ok 18:48:40.0906 3816 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 18:48:40.0921 3816 Nla - ok 18:48:40.0968 3816 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys 18:48:41.0156 3816 nmwcd - ok 18:48:41.0187 3816 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys 18:48:41.0250 3816 nmwcdc - ok 18:48:41.0359 3816 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Programme\NOS\bin\getPlus_Helper_3004.dll 18:48:41.0375 3816 nosGetPlusHelper - ok 18:48:41.0406 3816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 18:48:41.0500 3816 Npfs - ok 18:48:41.0531 3816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 18:48:41.0656 3816 Ntfs - ok 18:48:41.0671 3816 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 18:48:41.0765 3816 NtLmSsp - ok 18:48:41.0796 3816 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 18:48:41.0921 3816 NtmsSvc - ok 18:48:41.0968 3816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:48:42.0109 3816 Null - ok 18:48:42.0328 3816 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:48:42.0671 3816 nv - ok 18:48:42.0750 3816 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 18:48:42.0781 3816 NVENETFD - ok 18:48:42.0796 3816 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 18:48:42.0843 3816 nvnetbus - ok 18:48:42.0875 3816 NVSvc (f96df45cfbdc670584293e03c2ab602a) C:\WINDOWS\system32\nvsvc32.exe 18:48:42.0890 3816 NVSvc - ok 18:48:42.0921 3816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:48:43.0078 3816 NwlnkFlt - ok 18:48:43.0109 3816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:48:43.0250 3816 NwlnkFwd - ok 18:48:43.0375 3816 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 18:48:43.0406 3816 odserv - ok 18:48:43.0453 3816 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 18:48:43.0484 3816 ose - ok 18:48:43.0515 3816 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 18:48:43.0625 3816 Parport - ok 18:48:43.0640 3816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 18:48:43.0734 3816 PartMgr - ok 18:48:43.0765 3816 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 18:48:43.0906 3816 ParVdm - ok 18:48:43.0953 3816 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 18:48:44.0000 3816 pccsmcfd - ok 18:48:44.0015 3816 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 18:48:44.0109 3816 PCI - ok 18:48:44.0125 3816 PCIDump - ok 18:48:44.0140 3816 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:48:44.0281 3816 PCIIde - ok 18:48:44.0312 3816 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:48:44.0406 3816 Pcmcia - ok 18:48:44.0421 3816 PDCOMP - ok 18:48:44.0421 3816 PDFRAME - ok 18:48:44.0437 3816 PDRELI - ok 18:48:44.0437 3816 PDRFRAME - ok 18:48:44.0453 3816 perc2 - ok 18:48:44.0453 3816 perc2hib - ok 18:48:44.0515 3816 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 18:48:44.0546 3816 PlugPlay - ok 18:48:44.0562 3816 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 18:48:44.0656 3816 PolicyAgent - ok 18:48:44.0687 3816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:48:44.0796 3816 PptpMiniport - ok 18:48:44.0812 3816 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 18:48:44.0906 3816 Processor - ok 18:48:44.0906 3816 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 18:48:45.0000 3816 ProtectedStorage - ok 18:48:45.0015 3816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 18:48:45.0109 3816 PSched - ok 18:48:45.0140 3816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:48:45.0281 3816 Ptilink - ok 18:48:45.0328 3816 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 18:48:45.0343 3816 PxHelp20 - ok 18:48:45.0343 3816 ql1080 - ok 18:48:45.0359 3816 Ql10wnt - ok 18:48:45.0359 3816 ql12160 - ok 18:48:45.0375 3816 ql1240 - ok 18:48:45.0375 3816 ql1280 - ok 18:48:45.0390 3816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:48:45.0546 3816 RasAcd - ok 18:48:45.0578 3816 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 18:48:45.0671 3816 RasAuto - ok 18:48:45.0687 3816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:48:45.0796 3816 Rasl2tp - ok 18:48:45.0843 3816 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 18:48:45.0953 3816 RasMan - ok 18:48:45.0968 3816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:48:46.0062 3816 RasPppoe - ok 18:48:46.0062 3816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:48:46.0203 3816 Raspti - ok 18:48:46.0218 3816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:48:46.0328 3816 Rdbss - ok 18:48:46.0359 3816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:48:46.0500 3816 RDPCDD - ok 18:48:46.0546 3816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 18:48:46.0656 3816 RDPWD - ok 18:48:46.0671 3816 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 18:48:46.0796 3816 RDSessMgr - ok 18:48:46.0796 3816 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:48:46.0906 3816 redbook - ok 18:48:46.0937 3816 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 18:48:47.0046 3816 RemoteAccess - ok 18:48:47.0078 3816 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 18:48:47.0187 3816 RpcLocator - ok 18:48:47.0234 3816 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 18:48:47.0265 3816 RpcSs - ok 18:48:47.0281 3816 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 18:48:47.0421 3816 RSVP - ok 18:48:47.0453 3816 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 18:48:47.0546 3816 SamSs - ok 18:48:47.0593 3816 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 18:48:47.0703 3816 SCardSvr - ok 18:48:47.0750 3816 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 18:48:47.0859 3816 Schedule - ok 18:48:47.0890 3816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:48:47.0984 3816 Secdrv - ok 18:48:48.0000 3816 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 18:48:48.0109 3816 seclogon - ok 18:48:48.0109 3816 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 18:48:48.0234 3816 SENS - ok 18:48:48.0250 3816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:48:48.0343 3816 serenum - ok 18:48:48.0375 3816 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 18:48:48.0468 3816 Serial - ok 18:48:48.0593 3816 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 18:48:48.0640 3816 ServiceLayer - ok 18:48:48.0687 3816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:48:48.0796 3816 Sfloppy - ok 18:48:48.0843 3816 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 18:48:48.0984 3816 SharedAccess - ok 18:48:49.0031 3816 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 18:48:49.0046 3816 ShellHWDetection - ok 18:48:49.0046 3816 Simbad - ok 18:48:49.0203 3816 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) D:\DaSi\Programme\Skype\Updater\Updater.exe 18:48:49.0218 3816 SkypeUpdate - ok 18:48:49.0250 3816 Sparrow - ok 18:48:49.0312 3816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:48:49.0421 3816 splitter - ok 18:48:49.0453 3816 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 18:48:49.0484 3816 Spooler - ok 18:48:49.0500 3816 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 18:48:49.0609 3816 sr - ok 18:48:49.0640 3816 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 18:48:49.0750 3816 srservice - ok 18:48:49.0796 3816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:48:49.0859 3816 Srv - ok 18:48:49.0890 3816 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 18:48:49.0890 3816 sscdbus - ok 18:48:49.0937 3816 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 18:48:49.0937 3816 sscdmdfl - ok 18:48:49.0968 3816 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 18:48:49.0984 3816 sscdmdm - ok 18:48:50.0015 3816 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 18:48:50.0125 3816 SSDPSRV - ok 18:48:50.0156 3816 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:48:50.0171 3816 ssmdrv - ok 18:48:50.0203 3816 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys 18:48:50.0218 3816 StarOpen ( UnsignedFile.Multi.Generic ) - warning 18:48:50.0218 3816 StarOpen - detected UnsignedFile.Multi.Generic (1) 18:48:50.0265 3816 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 18:48:50.0406 3816 stisvc - ok 18:48:50.0421 3816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:48:50.0515 3816 swenum - ok 18:48:50.0546 3816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:48:50.0640 3816 swmidi - ok 18:48:50.0656 3816 SwPrv - ok 18:48:50.0671 3816 symc810 - ok 18:48:50.0671 3816 symc8xx - ok 18:48:50.0687 3816 sym_hi - ok 18:48:50.0687 3816 sym_u3 - ok 18:48:50.0703 3816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:48:50.0812 3816 sysaudio - ok 18:48:50.0843 3816 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 18:48:50.0953 3816 SysmonLog - ok 18:48:51.0000 3816 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 18:48:51.0109 3816 TapiSrv - ok 18:48:51.0156 3816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:48:51.0187 3816 Tcpip - ok 18:48:51.0218 3816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:48:51.0328 3816 TDPIPE - ok 18:48:51.0359 3816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:48:51.0468 3816 TDTCP - ok 18:48:51.0515 3816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:48:51.0609 3816 TermDD - ok 18:48:51.0656 3816 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 18:48:51.0781 3816 TermService - ok 18:48:51.0828 3816 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 18:48:51.0843 3816 Themes - ok 18:48:51.0843 3816 TosIde - ok 18:48:51.0890 3816 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 18:48:52.0000 3816 TrkWks - ok 18:48:52.0015 3816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:48:52.0125 3816 Udfs - ok 18:48:52.0125 3816 ultra - ok 18:48:52.0187 3816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:48:52.0328 3816 Update - ok 18:48:52.0375 3816 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 18:48:52.0484 3816 upnphost - ok 18:48:52.0531 3816 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 18:48:52.0593 3816 upperdev - ok 18:48:52.0640 3816 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 18:48:52.0718 3816 UPS - ok 18:48:52.0734 3816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:48:52.0828 3816 usbehci - ok 18:48:52.0875 3816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:48:52.0968 3816 usbhub - ok 18:48:52.0984 3816 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 18:48:53.0093 3816 usbohci - ok 18:48:53.0125 3816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:48:53.0218 3816 usbprint - ok 18:48:53.0250 3816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:48:53.0343 3816 usbscan - ok 18:48:53.0375 3816 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 18:48:53.0468 3816 usbser - ok 18:48:53.0500 3816 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 18:48:53.0562 3816 UsbserFilt - ok 18:48:53.0593 3816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:48:53.0687 3816 USBSTOR - ok 18:48:53.0703 3816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:48:53.0796 3816 VgaSave - ok 18:48:53.0812 3816 ViaIde - ok 18:48:53.0843 3816 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 18:48:53.0937 3816 VolSnap - ok 18:48:53.0984 3816 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 18:48:54.0093 3816 VSS - ok 18:48:54.0109 3816 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 18:48:54.0250 3816 W32Time - ok 18:48:54.0265 3816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:48:54.0375 3816 Wanarp - ok 18:48:54.0421 3816 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 18:48:54.0453 3816 Wdf01000 - ok 18:48:54.0453 3816 WDICA - ok 18:48:54.0500 3816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:48:54.0593 3816 wdmaud - ok 18:48:54.0625 3816 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 18:48:54.0734 3816 WebClient - ok 18:48:54.0812 3816 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:48:54.0906 3816 winmgmt - ok 18:48:54.0953 3816 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 18:48:54.0968 3816 WmdmPmSN - ok 18:48:55.0015 3816 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:48:55.0125 3816 WmiApSrv - ok 18:48:55.0250 3816 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 18:48:55.0343 3816 WMPNetworkSvc - ok 18:48:55.0375 3816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 18:48:55.0375 3816 WpdUsb - ok 18:48:55.0421 3816 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 18:48:55.0546 3816 wscsvc - ok 18:48:55.0546 3816 WSearch - ok 18:48:55.0593 3816 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 18:48:55.0703 3816 wuauserv - ok 18:48:55.0734 3816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 18:48:55.0765 3816 WudfPf - ok 18:48:55.0796 3816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 18:48:55.0812 3816 WudfRd - ok 18:48:55.0828 3816 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 18:48:55.0843 3816 WudfSvc - ok 18:48:55.0906 3816 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 18:48:56.0015 3816 WZCSVC - ok 18:48:56.0062 3816 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 18:48:56.0187 3816 xmlprov - ok 18:48:56.0203 3816 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 18:48:56.0609 3816 \Device\Harddisk0\DR0 - ok 18:48:56.0625 3816 Boot (0x1200) (f82b8d7a81891204ad0fda5c6d58a319) \Device\Harddisk0\DR0\Partition0 18:48:56.0625 3816 \Device\Harddisk0\DR0\Partition0 - ok 18:48:56.0671 3816 Boot (0x1200) (b4d4c104972213b8b0c96350a9de138d) \Device\Harddisk0\DR0\Partition1 18:48:56.0671 3816 \Device\Harddisk0\DR0\Partition1 - ok 18:48:56.0671 3816 ============================================================ 18:48:56.0671 3816 Scan finished 18:48:56.0671 3816 ============================================================ 18:48:56.0781 3344 Detected object count: 3 18:48:56.0781 3344 Actual detected object count: 3 18:50:11.0750 3344 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:50:11.0750 3344 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:50:11.0750 3344 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user 18:50:11.0750 3344 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:50:11.0765 3344 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 18:50:11.0765 3344 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.06.2012, 11:29 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
29.06.2012, 12:59 | #23 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Combofix Logfile: Code:
ATTFilter ComboFix 12-06-28.03 - Besitzer 29.06.2012 13:33:06.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.895.450 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Eigene Dateien\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PCFix c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PCFix\log.dat c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PCFix\unresolvederrors.dat c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\j.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\mru.xml c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\wlu.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.txt c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.txt c:\dokumente und einstellungen\Handy Karte 8.11\System c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 )))))))))))))))))))))))))))))) . . 2012-06-28 10:28 . 2012-06-28 10:28 -------- d-----w- C:\_OTL 2012-06-27 18:02 . 2012-06-27 18:02 11776 ----a-w- c:\programme\Mozilla Firefox\plugins\nprjplug.dll 2012-06-27 18:01 . 2012-06-27 18:01 -------- d-----w- c:\programme\Gemeinsame Dateien\xing shared 2012-06-27 18:01 . 2012-06-27 18:01 150696 ----a-w- c:\programme\Mozilla Firefox\plugins\nppl3260.dll 2012-06-27 18:01 . 2012-06-27 18:01 129144 ----a-w- c:\programme\Mozilla Firefox\plugins\nprpplugin.dll 2012-06-27 13:52 . 2012-06-27 13:52 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\wtxpcom 2012-06-27 09:53 . 2012-06-27 09:53 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Search Settings 2012-06-26 16:17 . 2012-06-26 16:17 -------- d-----w- c:\programme\CCleaner 2012-06-26 16:14 . 2012-06-26 16:14 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll 2012-06-26 16:14 . 2012-06-26 16:14 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll 2012-06-26 09:35 . 2012-06-26 09:35 -------- d-----w- c:\programme\ESET 2012-06-25 20:37 . 2012-06-25 20:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-06-25 20:37 . 2012-06-25 20:37 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-06-25 20:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-25 20:34 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll 2012-06-25 20:33 . 2012-06-25 20:34 -------- d-----w- c:\dokumente und einstellungen\Troja 2012-06-21 18:04 . 2012-06-21 18:05 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\elsterformular 2012-06-16 15:12 . 2012-06-16 15:12 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\PC Suite 2012-06-16 15:12 . 2012-06-16 15:12 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\Nokia 2012-06-16 13:52 . 2012-06-19 18:10 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\BOM 2012-06-14 13:21 . 2012-06-14 13:47 -------- d-----w- C:\Picasa-Datensicherung 2012-06-14 11:05 . 2012-06-14 11:05 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\Avira 2012-06-11 16:26 . 2012-06-11 16:26 -------- d-----w- c:\dokumente und einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\Skype 2012-06-11 14:27 . 2012-06-11 14:27 -------- d-s---w- c:\dokumente und einstellungen\Gast\UserData 2012-06-05 13:56 . 2012-06-14 12:57 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-06-05 10:17 . 2012-06-25 20:26 -------- d-----w- c:\dokumente und einstellungen\Administrator . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-27 18:01 . 2009-02-04 14:19 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-06-27 18:01 . 2009-02-04 14:19 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-06-23 07:57 . 2012-04-05 06:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 07:57 . 2011-05-19 10:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-26 16:14 . 2011-05-16 14:48 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-06-27 296056] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2011-07-11 15:14 528832 ----a-w- c:\programme\Lavasoft\Ad-Aware\AAWTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 01:38 34672 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-12-13 07:39 281768 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] 2006-12-27 23:02 1454080 ----a-r- c:\programme\avmwlanstick\WLanGUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 22:47 31016 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-09-17 22:55 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-12-21 10:53 1483264 ----a-w- c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2005-01-12 02:01 32768 ----a-w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-11-22 15:40 16858112 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 06:55 17148552 ----a-r- d:\dasi\Programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 10:44 248552 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-06-27 18:01 296056 ----a-w- c:\programme\Real\RealPlayer\Update\realsched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Vogel Verlag\\Fahren Lernen\\Vogel.FahrenLernenMax.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\DaSi\\Programme\\Skype\\Phone\\Skype.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.02.2009 18:14 64160] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.05.2009 09:26 136360] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1036104] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [04.02.2009 20:12 265088] S2 Application Updater;Application Updater;"c:\programme\Application Updater\ApplicationUpdater.exe" --> c:\programme\Application Updater\ApplicationUpdater.exe [?] S2 SkypeUpdate;Skype Updater;d:\dasi\Programme\Skype\Updater\Updater.exe [15.02.2012 14:30 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 08:57 250056] S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [04.02.2009 20:12 4352] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 17:19 113120] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 14:00 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhalt des "geplante Tasks" Ordners . 2012-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:14] . 2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:57] . 2012-06-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21] . 2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-162531612-839522115-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21] . . ------- Zusätzlicher Suchlauf ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file) WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file) HKCU-Run-C0mDiXEtF1yrWmk - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-29 13:39 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-06-29 13:41:56 ComboFix-quarantined-files.txt 2012-06-29 11:41 . Vor Suchlauf: 9 Verzeichnis(se), 104.832.987.136 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 105.060.298.752 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 1B7351CBEC4AFB0C4D0E376225042CFF Hallo ! was mir noch aufgefallen ist : ich kann den Benutzer nicht mehr über die Button ABMELDEN BENUTZER WECHSELN wechseln. ist nicht lebenswichtig ... aber evtl. gibt es ja eine Lösung hierfür. Ich wünsche auf jeden Fall ein schönes sonniges WE !! Torsten |
29.06.2012, 13:46 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder:: c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\wtxpcom c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Search Settings 4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet. 6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
29.06.2012, 18:21 | #25 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Combofix Logfile: Code:
ATTFilter ComboFix 12-06-28.03 - Besitzer 29.06.2012 19:09:23.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.895.405 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Search Settings c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\wtxpcom . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 )))))))))))))))))))))))))))))) . . 2012-06-29 16:43 . 2012-06-29 16:43 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Malwarebytes 2012-06-29 12:09 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2012-06-29 12:09 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-06-29 12:08 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll 2012-06-29 12:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-06-29 12:07 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-06-29 12:07 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-06-28 10:28 . 2012-06-28 10:28 -------- d-----w- C:\_OTL 2012-06-27 18:02 . 2012-06-27 18:02 11776 ----a-w- c:\programme\Mozilla Firefox\plugins\nprjplug.dll 2012-06-27 18:01 . 2012-06-27 18:01 -------- d-----w- c:\programme\Gemeinsame Dateien\xing shared 2012-06-27 18:01 . 2012-06-27 18:01 150696 ----a-w- c:\programme\Mozilla Firefox\plugins\nppl3260.dll 2012-06-27 18:01 . 2012-06-27 18:01 129144 ----a-w- c:\programme\Mozilla Firefox\plugins\nprpplugin.dll 2012-06-26 16:17 . 2012-06-26 16:17 -------- d-----w- c:\programme\CCleaner 2012-06-26 16:14 . 2012-06-26 16:14 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll 2012-06-26 16:14 . 2012-06-26 16:14 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll 2012-06-26 09:35 . 2012-06-26 09:35 -------- d-----w- c:\programme\ESET 2012-06-25 20:37 . 2012-06-25 20:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-06-25 20:37 . 2012-06-25 20:37 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-06-25 20:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-25 20:34 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll 2012-06-25 20:33 . 2012-06-25 20:34 -------- d-----w- c:\dokumente und einstellungen\Troja 2012-06-21 18:04 . 2012-06-21 18:05 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\elsterformular 2012-06-16 15:12 . 2012-06-16 15:12 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\PC Suite 2012-06-16 15:12 . 2012-06-16 15:12 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\Nokia 2012-06-16 13:52 . 2012-06-19 18:10 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\BOM 2012-06-14 13:21 . 2012-06-14 13:47 -------- d-----w- C:\Picasa-Datensicherung 2012-06-14 11:05 . 2012-06-14 11:05 -------- d-----w- c:\dokumente und einstellungen\Gast\Anwendungsdaten\Avira 2012-06-11 16:26 . 2012-06-11 16:26 -------- d-----w- c:\dokumente und einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\Skype 2012-06-11 14:27 . 2012-06-11 14:27 -------- d-s---w- c:\dokumente und einstellungen\Gast\UserData 2012-06-05 13:56 . 2012-06-14 12:57 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-06-05 10:17 . 2012-06-25 20:26 -------- d-----w- c:\dokumente und einstellungen\Administrator 2012-05-31 13:22 . 2012-05-31 13:22 604160 -c----w- c:\windows\system32\dllcache\crypt32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-27 18:01 . 2009-02-04 14:19 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-06-27 18:01 . 2009-02-04 14:19 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-06-23 07:57 . 2012-04-05 06:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 07:57 . 2011-05-19 10:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 13:19 . 2009-02-04 12:41 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-02-04 12:41 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-02-04 12:41 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2009-02-04 12:41 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-02-04 12:41 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-16 13:08 23576 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-02-04 12:41 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-02-04 12:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2004-08-04 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 07:58 . 2004-08-04 12:00 672768 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:56 . 2004-08-04 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys 2012-05-05 03:14 . 2004-08-04 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2009-02-04 12:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-20 19:29 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2012-04-20 19:29 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-04-20 19:28 . 2004-08-04 12:00 371200 ----a-w- c:\windows\system32\html.iec 2012-06-26 16:14 . 2011-05-16 14:48 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-29_11.39.53 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-29 16:35 . 2012-06-29 16:35 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat + 2004-08-04 12:00 . 2012-04-20 19:29 37888 c:\windows\system32\url.dll - 2004-08-04 12:00 . 2008-04-14 06:52 37888 c:\windows\system32\url.dll + 2009-02-04 14:03 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe - 2009-02-04 14:03 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe + 2012-06-29 12:05 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll + 2012-06-29 12:05 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll + 2004-08-04 12:00 . 2012-06-29 16:36 68584 c:\windows\system32\perfc009.dat + 2004-08-04 12:00 . 2012-06-29 16:36 91336 c:\windows\system32\perfc007.dat + 2004-08-04 12:00 . 2011-11-20 06:12 61952 c:\windows\system32\packager.exe + 2004-08-04 12:00 . 2011-09-26 09:41 23040 c:\windows\system32\oleaccrc.dll - 2004-08-04 12:00 . 2008-04-14 06:52 23040 c:\windows\system32\mciseq.dll + 2004-08-04 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll + 2004-08-04 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys + 2009-02-04 12:41 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll + 2009-02-04 12:41 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe + 2012-04-20 19:29 . 2012-04-20 19:29 37888 c:\windows\system32\dllcache\url.dll + 2011-11-20 06:12 . 2011-11-20 06:12 61952 c:\windows\system32\dllcache\packager.exe + 2004-08-04 12:00 . 2011-09-26 09:41 23040 c:\windows\system32\dllcache\oleaccrc.dll + 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll - 2009-02-20 08:09 . 2011-02-17 13:51 81920 c:\windows\system32\dllcache\ieencode.dll + 2009-02-20 08:09 . 2012-04-20 19:29 81920 c:\windows\system32\dllcache\ieencode.dll + 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll - 2009-12-14 07:08 . 2010-12-09 14:29 33280 c:\windows\system32\dllcache\csrsrv.dll + 2004-08-04 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll - 2004-08-04 12:00 . 2010-12-09 14:29 33280 c:\windows\system32\csrsrv.dll + 2004-08-04 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll + 2011-12-25 01:49 . 2011-12-25 01:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2012-06-29 16:38 . 2012-06-29 16:38 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll + 2012-06-29 13:06 . 2012-06-29 13:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe + 2012-06-29 13:05 . 2012-06-29 13:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe + 2012-06-29 16:54 . 2012-06-29 16:54 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll - 2011-04-15 07:08 . 2011-04-15 07:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2012-06-29 13:07 . 2012-06-29 13:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2012-06-29 13:07 . 2012-06-29 13:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2011-04-15 07:08 . 2011-04-15 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2012-06-29 13:07 . 2012-06-29 13:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2011-04-15 07:09 . 2011-04-15 07:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-06-29 13:07 . 2012-06-29 13:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2011-04-15 07:09 . 2011-04-15 07:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2012-06-29 13:07 . 2012-06-29 13:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2011-04-15 07:09 . 2011-04-15 07:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2011-04-15 07:09 . 2011-04-15 07:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2012-06-29 13:07 . 2012-06-29 13:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2012-06-29 13:07 . 2012-06-29 13:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2011-04-15 07:09 . 2011-04-15 07:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2012-06-29 13:07 . 2012-06-29 13:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2011-04-15 07:09 . 2011-04-15 07:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2011-04-15 07:08 . 2011-04-15 07:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2012-06-29 13:07 . 2012-06-29 13:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2012-06-29 13:07 . 2012-06-29 13:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2011-04-15 07:08 . 2011-04-15 07:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2011-04-15 07:09 . 2011-04-15 07:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2012-06-29 13:07 . 2012-06-29 13:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2011-04-15 07:09 . 2011-04-15 07:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-06-29 13:07 . 2012-06-29 13:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-06-29 13:07 . 2012-06-29 13:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-04-15 07:08 . 2011-04-15 07:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-04-15 07:08 . 2011-04-15 07:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2012-06-29 13:07 . 2012-06-29 13:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2011-04-15 07:08 . 2011-04-15 07:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2012-06-29 13:07 . 2012-06-29 13:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2012-06-29 13:07 . 2012-06-29 13:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2011-04-15 07:09 . 2011-04-15 07:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2011-04-15 07:09 . 2011-04-15 07:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2012-06-29 13:07 . 2012-06-29 13:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2011-04-15 07:08 . 2011-04-15 07:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2012-06-29 13:07 . 2012-06-29 13:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2011-04-15 07:09 . 2011-04-15 07:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2012-06-29 13:07 . 2012-06-29 13:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2011-04-15 07:09 . 2011-04-15 07:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2012-06-29 13:07 . 2012-06-29 13:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2012-04-05 21:13 . 2012-04-05 21:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe - 2004-08-04 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll + 2004-08-04 12:00 . 2012-02-29 14:09 177664 c:\windows\system32\wintrust.dll - 2004-08-04 12:00 . 2010-06-18 17:44 293888 c:\windows\system32\winsrv.dll + 2004-08-04 12:00 . 2011-11-25 21:57 293888 c:\windows\system32\winsrv.dll + 2004-08-04 12:00 . 2011-10-14 14:47 178176 c:\windows\system32\winmm.dll - 2004-08-04 12:00 . 2008-04-14 06:52 178176 c:\windows\system32\winmm.dll - 2004-08-04 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll + 2004-08-04 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll + 2004-08-04 12:00 . 2012-04-20 19:29 629248 c:\windows\system32\urlmon.dll + 2008-07-29 18:59 . 2011-09-26 09:41 614912 c:\windows\system32\uiautomationcore.dll + 2004-08-04 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll + 2004-08-04 12:00 . 2011-11-03 15:28 387072 c:\windows\system32\qdvd.dll - 2004-08-04 12:00 . 2008-04-14 06:52 387072 c:\windows\system32\qdvd.dll + 2004-08-04 12:00 . 2012-06-29 16:36 435688 c:\windows\system32\perfh009.dat + 2004-08-04 12:00 . 2012-06-29 16:36 477158 c:\windows\system32\perfh007.dat + 2004-08-04 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll - 2004-08-04 12:00 . 2008-04-14 06:52 551936 c:\windows\system32\oleaut32.dll + 2004-08-04 12:00 . 2011-09-26 09:41 220160 c:\windows\system32\oleacc.dll - 2004-08-04 12:00 . 2011-02-17 13:51 532480 c:\windows\system32\mstime.dll + 2004-08-04 12:00 . 2012-04-20 19:29 532480 c:\windows\system32\mstime.dll + 2004-08-04 12:00 . 2012-04-20 19:29 449536 c:\windows\system32\mshtmled.dll + 2009-02-04 12:41 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll - 2009-02-04 12:41 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll + 2004-08-04 12:00 . 2012-02-29 14:09 148480 c:\windows\system32\imagehlp.dll - 2004-08-04 12:00 . 2011-02-17 13:51 251904 c:\windows\system32\iepeers.dll + 2004-08-04 12:00 . 2012-04-20 19:29 251904 c:\windows\system32\iepeers.dll - 2009-02-04 12:24 . 2011-04-15 08:58 267800 c:\windows\system32\FNTCACHE.DAT + 2009-02-04 12:24 . 2012-06-29 16:35 267800 c:\windows\system32\FNTCACHE.DAT + 2004-08-04 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll - 2004-08-04 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll + 2004-08-04 12:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys + 2004-08-04 12:00 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys - 2004-08-04 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys + 2004-08-04 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys + 2009-02-04 12:41 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll + 2009-02-04 12:41 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll + 2009-02-04 12:41 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll + 2009-12-24 06:59 . 2012-02-29 14:09 177664 c:\windows\system32\dllcache\wintrust.dll - 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll - 2010-06-18 17:44 . 2010-06-18 17:44 293888 c:\windows\system32\dllcache\winsrv.dll + 2010-06-18 17:44 . 2011-11-25 21:57 293888 c:\windows\system32\dllcache\winsrv.dll + 2011-10-14 14:47 . 2011-10-14 14:47 178176 c:\windows\system32\dllcache\winmm.dll - 2009-02-04 14:25 . 2011-02-17 13:51 672768 c:\windows\system32\dllcache\wininet.dll + 2009-02-04 14:25 . 2012-05-16 07:58 672768 c:\windows\system32\dllcache\wininet.dll + 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll - 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll + 2009-02-04 14:25 . 2012-04-20 19:29 629248 c:\windows\system32\dllcache\urlmon.dll + 2008-12-05 06:55 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll + 2011-11-03 15:28 . 2011-11-03 15:28 387072 c:\windows\system32\dllcache\qdvd.dll + 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll + 2004-08-04 12:00 . 2011-09-26 09:41 220160 c:\windows\system32\dllcache\oleacc.dll + 2010-11-05 05:04 . 2012-04-20 19:29 532480 c:\windows\system32\dllcache\mstime.dll - 2010-11-05 05:04 . 2011-02-17 13:51 532480 c:\windows\system32\dllcache\mstime.dll + 2010-09-09 14:17 . 2012-04-20 19:29 449536 c:\windows\system32\dllcache\mshtmled.dll + 2009-02-04 14:24 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys - 2009-02-04 14:24 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll + 2009-02-04 14:24 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll + 2012-02-29 14:09 . 2012-02-29 14:09 148480 c:\windows\system32\dllcache\imagehlp.dll - 2010-02-26 05:41 . 2011-02-17 13:51 251904 c:\windows\system32\dllcache\iepeers.dll + 2010-02-26 05:41 . 2012-04-20 19:29 251904 c:\windows\system32\dllcache\iepeers.dll - 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll + 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll + 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys - 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys + 2012-04-05 21:52 . 2012-04-05 21:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2011-12-25 01:49 . 2011-12-25 01:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2012-04-21 05:15 . 2012-04-21 05:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2011-12-25 01:50 . 2011-12-25 01:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll + 2011-12-25 01:50 . 2011-12-25 01:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll + 2011-12-25 01:50 . 2011-12-25 01:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2011-12-22 14:50 . 2011-12-22 14:50 256000 c:\windows\Installer\27d3f1.msp + 2012-04-21 19:55 . 2012-04-21 19:55 980480 c:\windows\Installer\27d3e9.msp + 2011-12-25 03:40 . 2011-12-25 03:40 819200 c:\windows\Installer\27d3d4.msp + 2009-02-04 14:24 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys + 2012-06-29 16:54 . 2012-06-29 16:54 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe + 2012-06-29 16:38 . 2012-06-29 16:38 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll + 2012-06-29 16:38 . 2012-06-29 16:38 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll + 2012-06-29 16:38 . 2012-06-29 16:38 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll + 2012-06-29 16:55 . 2012-06-29 16:55 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll + 2012-06-29 16:36 . 2012-06-29 16:36 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe + 2012-06-29 16:54 . 2012-06-29 16:54 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe + 2012-06-29 13:08 . 2012-06-29 13:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll + 2012-06-29 13:08 . 2012-06-29 13:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll + 2012-06-29 13:08 . 2012-06-29 13:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll + 2012-06-29 13:08 . 2012-06-29 13:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe + 2012-06-29 16:54 . 2012-06-29 16:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe + 2012-06-29 16:54 . 2012-06-29 16:54 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll + 2012-06-29 13:07 . 2012-06-29 13:07 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2011-04-15 07:08 . 2011-04-15 07:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2011-04-15 07:08 . 2011-04-15 07:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-06-29 13:07 . 2012-06-29 13:07 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-06-29 13:07 . 2012-06-29 13:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2011-04-15 07:09 . 2011-04-15 07:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2012-06-29 13:07 . 2012-06-29 13:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2011-04-15 07:09 . 2011-04-15 07:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-06-29 13:07 . 2012-06-29 13:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-04-15 07:09 . 2011-04-15 07:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-04-15 07:09 . 2011-04-15 07:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-06-29 13:07 . 2012-06-29 13:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2011-04-15 07:09 . 2011-04-15 07:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-06-29 13:07 . 2012-06-29 13:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2011-04-15 07:09 . 2011-04-15 07:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-06-29 13:07 . 2012-06-29 13:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-06-29 13:07 . 2012-06-29 13:07 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2012-06-29 13:07 . 2012-06-29 13:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2011-04-15 07:09 . 2011-04-15 07:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2011-04-15 07:08 . 2011-04-15 07:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-06-29 13:07 . 2012-06-29 13:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-06-29 13:07 . 2012-06-29 13:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2011-04-15 07:09 . 2011-04-15 07:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-06-29 13:07 . 2012-06-29 13:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-04-15 07:09 . 2011-04-15 07:09 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-04-15 07:09 . 2011-04-15 07:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-06-29 13:07 . 2012-06-29 13:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-06-29 13:08 . 2012-06-29 13:08 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll - 2009-02-04 15:01 . 2009-02-04 15:01 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll + 2012-06-29 13:07 . 2012-06-29 13:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2011-04-15 07:09 . 2011-04-15 07:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-06-29 12:50 . 2012-06-29 12:50 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2012-06-29 13:07 . 2012-06-29 13:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2011-04-15 07:09 . 2011-04-15 07:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-06-29 13:07 . 2012-06-29 13:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-04-15 07:09 . 2011-04-15 07:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2012-06-29 13:07 . 2012-06-29 13:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-04-15 07:09 . 2011-04-15 07:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-04-15 07:09 . 2011-04-15 07:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-06-29 13:07 . 2012-06-29 13:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-06-29 13:07 . 2012-06-29 13:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2011-04-15 07:09 . 2011-04-15 07:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2011-04-15 07:09 . 2011-04-15 07:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2012-06-29 13:07 . 2012-06-29 13:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2011-04-15 07:08 . 2011-04-15 07:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2012-06-29 13:07 . 2012-06-29 13:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2012-06-29 13:07 . 2012-06-29 13:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2011-04-15 07:09 . 2011-04-15 07:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2009-02-04 15:00 . 2009-02-04 15:00 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-06-29 12:50 . 2012-06-29 12:50 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-06-29 13:07 . 2012-06-29 13:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2011-04-15 07:09 . 2011-04-15 07:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2011-04-15 07:09 . 2011-04-15 07:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-06-29 13:07 . 2012-06-29 13:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-06-29 13:07 . 2012-06-29 13:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2011-04-15 07:09 . 2011-04-15 07:09 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2012-06-29 12:11 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll + 2004-08-04 12:00 . 2012-04-20 19:29 1510400 c:\windows\system32\shdocvw.dll - 2004-08-04 12:00 . 2011-02-17 13:51 1510400 c:\windows\system32\shdocvw.dll + 2004-08-04 12:00 . 2011-11-03 15:28 1297920 c:\windows\system32\quartz.dll + 2004-08-04 12:00 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll + 2004-08-04 12:00 . 2012-04-20 19:29 3109376 c:\windows\system32\mshtml.dll + 2009-02-04 12:41 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll + 2009-02-04 14:24 . 2012-05-15 13:56 1863296 c:\windows\system32\dllcache\win32k.sys - 2009-02-04 14:25 . 2011-02-17 13:51 1510400 c:\windows\system32\dllcache\shdocvw.dll + 2009-02-04 14:25 . 2012-04-20 19:29 1510400 c:\windows\system32\dllcache\shdocvw.dll + 2008-05-07 05:10 . 2011-11-03 15:28 1297920 c:\windows\system32\dllcache\quartz.dll + 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll + 2009-02-04 14:24 . 2012-05-05 03:14 2194944 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-02-04 14:24 . 2012-05-05 03:14 2029056 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-02-04 14:24 . 2012-05-05 03:14 2071424 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-02-04 14:24 . 2012-05-05 03:14 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-02-04 14:24 . 2012-04-20 19:29 3109376 c:\windows\system32\dllcache\mshtml.dll + 2010-03-10 04:33 . 2012-04-20 19:29 1025024 c:\windows\system32\dllcache\browseui.dll - 2010-03-10 04:33 . 2011-02-17 13:51 1025024 c:\windows\system32\dllcache\browseui.dll - 2004-08-04 12:00 . 2011-02-17 13:51 1025024 c:\windows\system32\browseui.dll + 2004-08-04 12:00 . 2012-04-20 19:29 1025024 c:\windows\system32\browseui.dll + 2012-03-20 03:23 . 2012-03-20 03:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll - 2008-07-25 10:17 . 2008-07-25 10:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll + 2011-12-25 01:50 . 2011-12-25 01:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2011-12-25 01:50 . 2011-12-25 01:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll + 2012-03-20 03:23 . 2012-03-20 03:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll - 2008-07-25 10:17 . 2008-07-25 10:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll + 2011-12-25 01:50 . 2011-12-25 01:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2011-12-25 01:50 . 2011-12-25 01:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll - 2011-01-18 02:39 . 2011-01-18 02:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2011-12-26 07:59 . 2011-12-26 07:59 4368896 c:\windows\Installer\27d3cc.msp + 2012-03-20 21:57 . 2012-03-20 21:57 6188544 c:\windows\Installer\27d3b4.msp + 2009-02-04 14:24 . 2012-05-05 03:14 2194944 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-02-04 14:24 . 2012-05-05 03:14 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-02-04 14:24 . 2012-05-05 03:14 2071424 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-02-04 14:24 . 2012-05-05 03:14 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2012-06-29 13:05 . 2012-06-29 13:05 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll + 2012-06-29 16:38 . 2012-06-29 16:38 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll + 2012-06-29 13:05 . 2012-06-29 13:05 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll + 2012-06-29 16:38 . 2012-06-29 16:38 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll + 2012-06-29 16:37 . 2012-06-29 16:37 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll + 2012-06-29 16:37 . 2012-06-29 16:37 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll + 2012-06-29 16:36 . 2012-06-29 16:36 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll + 2012-06-29 13:09 . 2012-06-29 13:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll + 2012-06-29 13:09 . 2012-06-29 13:09 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll + 2012-06-29 13:09 . 2012-06-29 13:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll + 2012-06-29 13:09 . 2012-06-29 13:09 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll + 2012-06-29 13:09 . 2012-06-29 13:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll + 2012-06-29 13:05 . 2012-06-29 13:05 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll + 2012-06-29 16:55 . 2012-06-29 16:55 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll + 2012-06-29 12:50 . 2012-06-29 12:50 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2010-06-23 19:31 . 2010-06-23 19:31 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2012-06-29 13:07 . 2012-06-29 13:07 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2012-06-29 13:07 . 2012-06-29 13:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2011-04-15 07:09 . 2011-04-15 07:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2011-04-15 07:08 . 2011-04-15 07:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-06-29 13:07 . 2012-06-29 13:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2010-10-06 21:07 . 2010-10-06 21:07 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2012-06-29 12:54 . 2012-06-29 12:54 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll - 2011-04-15 07:08 . 2011-04-15 07:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2012-06-29 13:07 . 2012-06-29 13:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2012-06-29 12:50 . 2012-06-29 12:50 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-06-29 13:07 . 2012-06-29 13:07 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2012-06-29 13:07 . 2012-06-29 13:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2011-04-15 07:09 . 2011-04-15 07:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2012-06-29 12:50 . 2012-06-29 12:50 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2011-04-15 07:09 . 2011-04-15 07:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-06-29 13:07 . 2012-06-29 13:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2009-02-04 14:35 . 2012-06-03 21:35 56731752 c:\windows\system32\MRT.exe + 2012-04-06 00:12 . 2012-04-06 00:12 15709696 c:\windows\Installer\27d3f9.msp + 2012-01-04 00:25 . 2012-01-04 00:25 17751552 c:\windows\Installer\27d3e1.msp + 2012-04-06 01:13 . 2012-04-06 01:13 16527872 c:\windows\Installer\27d3c1.msp + 2012-06-29 16:37 . 2012-06-29 16:37 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll + 2012-06-29 16:56 . 2012-06-29 16:56 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll + 2012-06-29 16:54 . 2012-06-29 16:54 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll + 2012-06-29 13:09 . 2012-06-29 13:09 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll + 2012-06-29 13:08 . 2012-06-29 13:08 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll + 2012-06-29 13:08 . 2012-06-29 13:08 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll + 2012-06-29 13:05 . 2012-06-29 13:05 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-06-27 296056] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2011-07-11 15:14 528832 ----a-w- c:\programme\Lavasoft\Ad-Aware\AAWTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 01:38 34672 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-12-13 07:39 281768 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] 2006-12-27 23:02 1454080 ----a-r- c:\programme\avmwlanstick\WLanGUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 22:47 31016 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-09-17 22:55 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-12-21 10:53 1483264 ----a-w- c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2005-01-12 02:01 32768 ----a-w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-11-22 15:40 16858112 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 06:55 17148552 ----a-r- d:\dasi\Programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 10:44 248552 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-06-27 18:01 296056 ----a-w- c:\programme\Real\RealPlayer\Update\realsched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Vogel Verlag\\Fahren Lernen\\Vogel.FahrenLernenMax.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\DaSi\\Programme\\Skype\\Phone\\Skype.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.02.2009 18:14 64160] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.05.2009 09:26 136360] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1036104] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [04.02.2009 20:12 265088] S2 Application Updater;Application Updater;"c:\programme\Application Updater\ApplicationUpdater.exe" --> c:\programme\Application Updater\ApplicationUpdater.exe [?] S2 SkypeUpdate;Skype Updater;d:\dasi\Programme\Skype\Updater\Updater.exe [15.02.2012 14:30 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 08:57 250056] S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [04.02.2009 20:12 4352] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 17:19 113120] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 14:00 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhalt des "geplante Tasks" Ordners . 2012-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:14] . 2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:57] . 2012-06-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21] . 2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-162531612-839522115-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21] . . ------- Zusätzlicher Suchlauf ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-29 19:17 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(3192) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2012-06-29 19:19:25 ComboFix-quarantined-files.txt 2012-06-29 17:19 ComboFix2.txt 2012-06-29 11:41 . Vor Suchlauf: 9 Verzeichnis(se), 103.933.874.176 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 103.968.956.416 Bytes frei . - - End Of File - - 344C0B0C23D23904BDAB50935A08B311 ich glaube er hat keinen Neustart gemacht ... jedenfalls wurde ich nicht aufgefordert irgendetwas zu tun ,,,, |
01.07.2012, 14:20 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
02.07.2012, 13:42 | #27 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-02 14:21:50 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e MAXTOR_STM3250310AS rev.3.AAF Running: 2e1o50fw.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgriifow.sys ---- System - GMER 1.0.15 ---- SSDT F7B7374C ZwClose SSDT F7B73706 ZwCreateKey SSDT F7B73756 ZwCreateSection SSDT F7B736FC ZwCreateThread SSDT F7B7370B ZwDeleteKey SSDT F7B73715 ZwDeleteValueKey SSDT F7B73747 ZwDuplicateObject SSDT F7B7371A ZwLoadKey SSDT F7B736E8 ZwOpenProcess SSDT F7B736ED ZwOpenThread SSDT F7B73724 ZwReplaceKey SSDT F7B7371F ZwRestoreKey SSDT F7B7375B ZwSetContextThread SSDT F7B73710 ZwSetValueKey SSDT F7B736F7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 8050467C 4 Bytes CALL A747FDB7 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6A1E360, 0x32DEFD, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\programme\real\realplayer\update\realsched.exe[992] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 15:14:26 on 02.07.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe "RealUpgradeScheduledTaskS-1-5-21-448539723-162531612-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kgriifow" (kgriifow) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgriifow.sys (Hidden registry entry, rootkit activity | File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Application Updater" (Application Updater) - ? - "C:\Programme\Application Updater\ApplicationUpdater.exe" (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (File not found) "AVM IGD CTRL Service" (AVM IGD CTRL Service) - ? - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (File not found) "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe "getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll "Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - D:\DaSi\Programme\Skype\Updater\Updater.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
02.07.2012, 14:24 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Was ist mit aswMBR?
__________________ Logfiles bitte immer in CODE-Tags posten |
02.07.2012, 16:39 | #29 |
| GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-07-02 15:48:57 ----------------------------- 15:48:57.656 OS Version: Windows 5.1.2600 Service Pack 3 15:48:57.656 Number of processors: 2 586 0x6B02 15:48:57.656 ComputerName: BENUTZER-0D266D UserName: Besitzer 15:48:58.671 Initialize success 15:52:15.046 AVAST engine defs: 12070201 16:30:38.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e 16:30:38.125 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAF Size: 238475MB BusType: 3 16:30:38.187 Disk 0 MBR read successfully 16:30:38.187 Disk 0 MBR scan 16:30:38.250 Disk 0 Windows XP default MBR code 16:30:38.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63 16:30:38.265 Disk 0 Partition - 00 0F Extended LBA 88467 MB offset 307194930 16:30:38.328 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 88467 MB offset 307194993 16:30:38.375 Disk 0 scanning sectors +488376000 16:30:38.656 Disk 0 scanning C:\WINDOWS\system32\drivers 16:31:22.500 Service scanning 16:31:36.546 Modules scanning 16:32:22.687 Disk 0 trace - called modules: 16:32:22.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 16:32:22.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ab1ab8] 16:32:22.750 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x84ab5f18] 16:32:22.750 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x84ab3d98] 16:32:23.218 AVAST engine scan C:\WINDOWS 16:33:08.750 AVAST engine scan C:\WINDOWS\system32 16:42:55.062 AVAST engine scan C:\WINDOWS\system32\drivers 16:44:22.140 AVAST engine scan C:\Dokumente und Einstellungen\Besitzer 17:11:39.781 AVAST engine scan C:\Dokumente und Einstellungen\All Users 17:22:10.390 Scan finished successfully 17:36:18.031 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Besitzer\Desktop\MBR.dat" 17:36:18.031 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Besitzer\Desktop\aswMBR.txt" ist ne ganze zeit gelaufen .... |
03.07.2012, 10:42 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort |
administrator, ahnung, anmelde, anmelden, aufforderung, avira, eingebe, euro, falsches, freeware, installiere, installieren, kapersky, melde, melden, modus, möglichkeit, neue, nichts, nutzung, passwort, reagiert, reaktivieren, software, verlangt, wenig, wenig ahnung, zahlung |