TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer reports rootkit activity (Windows 7)
28.06.2012, 07:49 | #1
Hello,

since Tuesday Avira has been reporting the following trojan detections on our office PC: TR/Atraps.Gen2, TR/Sirefef.AG.35 and TR/Small.FI. A scan with Malwarebytes confirmed the finding. Moving them to quarantine does not work. I have not gone through any removal guides, because one guide said that every infection needs individual treatment. I would be veeeery glad if someone could help me.

Here are the logs:

OTL logfile:
OTL logfile created on: 27.06.2012 11:44:08 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,41% Memory free 5,34 Gb Paging File | 4,49 Gb Available in Paging File | 84,16% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 931,50 Gb Total Space | 899,12 Gb Free Space | 96,52% Space Free | Partition Type: NTFS Drive D: | 931,50 Gb Total Space | 651,39 Gb Free Space | 69,93% Space Free | Partition Type: NTFS Computer Name: BUERO-1 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 16:03:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.14 16:03:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.04 16:05:47 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\spotify.exe PRC - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe PRC - [2011.10.27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) 
-- C:\Programme\BUFFALO\NASNAVI\NasNavi.exe PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.03.03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe PRC - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2009.05.15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassche.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2001.08.18 04:54:46 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) 
-- C:\WINDOWS\system32\BrmfRsmg.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 08:56:45 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.14 08:15:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.14 08:14:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.13 13:31:18 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.14 16:03:04 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.05.11 12:49:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.11 12:49:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll MOD - [2012.05.10 14:43:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.10 14:42:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.10 14:42:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.04 16:05:47 | 020,101,120 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\libcef.dll MOD - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und 
Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.03.14 18:18:51 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3748.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.03.14 18:18:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.03.14 18:18:51 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.03.14 18:18:51 | 
000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.03.14 18:18:50 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard\2.0.3748.36964__90ba9c70f846762e\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.03.14 18:18:50 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll MOD - [2011.03.14 18:18:50 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2011.03.14 18:18:49 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:49 | 000,077,824 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2011.03.14 18:18:48 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3748.36838__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.03.14 18:18:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:47 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.03.14 18:18:47 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.03.14 18:18:47 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.03.14 18:18:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.03.14 18:18:46 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.03.14 18:18:46 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.03.14 18:18:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.03.14 18:18:45 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.03.14 18:18:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.03.14 18:18:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.03.14 18:18:45 | 000,006,656 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.03.14 18:18:45 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.03.14 18:18:44 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.03.14 18:18:43 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2011.03.14 18:18:43 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.03.14 18:18:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.03.14 18:18:43 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.03.14 18:18:43 | 000,065,536 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.03.14 18:18:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.03.14 18:18:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.03.14 18:18:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.03.14 18:18:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.03.14 18:18:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2011.03.14 18:18:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2011.03.14 18:18:43 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.03.14 18:18:42 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.03.14 18:18:42 | 000,061,440 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.03.14 18:18:42 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2011.03.14 18:18:42 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.03.14 18:18:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.03.14 18:18:42 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.03.14 18:18:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll MOD - [2011.03.14 18:18:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll MOD - [2011.03.14 18:18:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.03.14 18:18:41 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.03.14 18:18:41 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.08.16 00:08:44 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2010.01.08 15:15:34 | 001,552,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- 
C:\Programme\Notepad++\NppShell_01.dll MOD - [2009.05.26 20:15:36 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.05.26 20:15:35 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2007.06.03 09:46:31 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl66cl3.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.25 13:46:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.22 12:26:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2010.02.12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) 
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012.05.14 16:03:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 16:03:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 16:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.20 10:44:24 | 006,026,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.08 10:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2009.09.04 07:46:08 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.05.27 13:24:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 08:03:54 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008.01.19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007.12.14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006.11.24 04:34:54 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.18 05:21:04 | 000,039,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm) Brother WDM-Treiber (parallel)
DRV - [2001.08.17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001.08.17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn) Brother MFC-Scannertreiber (USB)
DRV - [2001.08.17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://groupware.vfs-langenhagen.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 12:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 15:39:36 | 000,000,000 | ---D | M]

[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.05.02 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions
[2010.07.02 14:23:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.08 14:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Sunbird\Profiles\6iyd0i52.default\extensions
[2012.05.04 14:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.14 14:17:48 | 000,709,293 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\YX8GN338.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.22 12:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.11 13:12:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.22 12:26:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 12:26:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.22 12:26:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 12:26:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 12:26:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 12:26:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001.08.31 23:23:36 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2009 Zahlungserinnerung.lnk = C:\Programme\Quicken\2009\billmind.exe (Lexware GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 80
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.05.19 18:28:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell - "" = AutoRun
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.27 11:41:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 10:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes
[2012.06.27 10:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.27 09:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.04 13:03:02 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.05.31 10:29:28 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.27 11:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.27 11:40:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:38:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.27 11:38:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.27 11:38:00 | 000,002,644 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012.06.27 11:37:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.27 11:37:23 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 11:12:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.27 10:13:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 09:39:37 | 000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 08:13:18 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 13:31:31 | 000,499,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 13:31:31 | 000,475,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 13:31:31 | 000,101,642 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 13:31:31 | 000,084,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 13:28:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.04 13:03:10 | 000,001,034 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.06.04 13:02:54 | 000,001,026 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Dropbox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.27 11:42:32 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@
[2012.06.27 11:40:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:37:02 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@
[2012.06.27 11:37:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@
[2012.06.27 10:13:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:34:08 | 000,015,022 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2012.02.15 16:17:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 18:12:44 | 000,001,040 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\advanced_ip_scanner_MAC.bin
[2011.07.08 15:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.05.12 13:43:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.04.26 17:09:48 | 000,000,019 | ---- | C] () -- C:\WINDOWS\QwTools.INI
[2011.03.14 18:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.03.14 18:17:24 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.14 18:17:24 | 000,202,234 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.14 18:17:24 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.03.14 18:17:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011.03.14 18:17:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2011.03.14 17:44:23 | 000,021,536 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.03.14 17:44:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.14 17:37:13 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.03.14 17:33:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2010.12.02 14:18:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.12.02 14:18:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2010.12.02 13:54:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2010.11.18 15:49:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010.08.20 11:45:47 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\usb001
[2010.07.27 23:16:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_9880.ini
[2010.07.27 23:16:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010.07.22 22:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2010.06.11 15:46:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.07.02 11:03:38 | 000,013,017 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.06.05 13:53:36 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.27 15:31:59 | 000,000,512 | ---- | C] () -- C:\Programme\hbedv.key
[2009.05.27 13:39:16 | 003,211,264 | ---- | C] () -- C:\Programme\Gemeinsame DateienDDBACSetup.msi
[2009.05.20 13:12:06 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@

========== LOP Check ==========
[2009.05.27 13:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service
[2010.11.15 14:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service GmbH
[2012.02.21 16:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DL
[2012.06.27 11:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox
[2012.06.13 13:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FileZilla
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\fotobuch.de AG
[2012.03.01 19:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FreeFileSync
[2011.11.22 15:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\InfoRapid KnowledgeMap
[2009.05.20 13:12:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IsolatedStorage
[2009.05.27 13:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Lexware
[2012.02.17 16:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\MediaMonkey
[2012.04.17 15:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\NASNaviator2
[2010.07.13 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Notepad++
[2009.06.11 09:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OfficeUpdate12
[2012.06.27 11:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify
[2012.02.10 16:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\streamripper
[2010.12.02 11:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TomTom
[2009.05.27 13:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2009.05.27 13:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012.02.10 17:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
[2010.11.18 15:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.12.02 11:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.04.18 14:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}

========== Purity Check ==========

< End of report >

GMER - After the GMER scan, this message appeared: "GMER has found system modification, which might have been caused by ROOTKIT activity." After saving and opening the log, GMER was closed by Windows because "an error was detected".

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-28 08:13:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST31000333AS rev.CC1H
Running: yqmpbmgg.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\ugtdqpob.sys

---- System - GMER 1.0.15 ----

SSDT F7BD07DC ZwClose
SSDT F7BD0796 ZwCreateKey
SSDT F7BD07E6 ZwCreateSection
SSDT F7BD07BE ZwCreateSymbolicLinkObject
SSDT F7BD078C ZwCreateThread
SSDT F7BD079B ZwDeleteKey
SSDT F7BD07A5 ZwDeleteValueKey
SSDT F7BD07D7 ZwDuplicateObject
SSDT F7BD07C3 ZwLoadDriver
SSDT F7BD07AA ZwLoadKey
SSDT F7BD0778 ZwOpenProcess
SSDT F7BD07B9 ZwOpenSection
SSDT F7BD077D ZwOpenThread
SSDT F7BD07FF ZwQueryValueKey
SSDT F7BD07B4 ZwReplaceKey
SSDT F7BD07F0 ZwRequestWaitReplyPort
SSDT F7BD07AF ZwRestoreKey
SSDT F7BD07EB ZwSetContextThread
SSDT F7BD07F5 ZwSetSecurityObject
SSDT F7BD07C8 ZwSetSystemInformation
SSDT F7BD07A0 ZwSetValueKey
SSDT F7BD07FA ZwSystemDebugControl
SSDT F7BD0787 ZwTerminateProcess
SSDT F7BD0782 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF652B000, 0x235F87, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[2480] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[2480] GDI32.dll!CreateDIBSection 77EF9E19 5 Bytes JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1156] 0x45670000
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1804] 0x45670000

---- EOF - GMER 1.0.15 ----

Anti-Malware
Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: BUERO-1 [administrator]

Protection: Enabled

27.06.2012 10:14:19
mbam-log-2012-06-27 (11-32-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344172
Time elapsed: 1 hour(s), 16 minute(s), 59 second(s)

Memory processes detected: 0 (No malicious items detected)

Memory modules detected: 0 (No malicious items detected)

Registry keys detected: 0 (No malicious items detected)

Registry values detected: 0 (No malicious items detected)

Registry data items detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n.) Good: (wbemess.dll) -> No action taken.

Folders detected: 0 (No malicious items detected)

Files detected: 5
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n (Trojan.Dropper.PE4) -> No action taken.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n (Trojan.Dropper.PE4) -> No action taken.

(end)

Log from TDSSKiller:
Code:
09:12:35.0265 4048 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
09:12:35.0343 4048 ============================================================
09:12:35.0343 4048 Current date / time: 2012/06/28 09:12:35.0343
09:12:35.0343 4048 SystemInfo:
09:12:35.0343 4048
09:12:35.0343 4048 OS Version: 5.1.2600 ServicePack: 3.0
09:12:35.0343 4048 Product type: Workstation
09:12:35.0343 4048 ComputerName: BUERO-1
09:12:35.0343 4048 UserName: admin
09:12:35.0343 4048 Windows directory: C:\WINDOWS
09:12:35.0343 4048 System windows directory: C:\WINDOWS
09:12:35.0343 4048 Processor architecture: Intel x86
09:12:35.0343 4048 Number of processors: 2
09:12:35.0343 4048 Page size: 0x1000
09:12:35.0343 4048 Boot type: Normal boot
09:12:35.0343 4048 ============================================================
09:12:37.0062 4048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:12:37.0109 4048 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:12:37.0187 4048 ============================================================
09:12:37.0187 4048 \Device\Harddisk0\DR0:
09:12:37.0187 4048 MBR partitions:
09:12:37.0187 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
09:12:37.0187 4048 \Device\Harddisk1\DR1:
09:12:37.0187 4048 MBR partitions:
09:12:37.0187 4048 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
09:12:37.0187 4048 ============================================================
09:12:37.0234 4048 C: <-> \Device\Harddisk0\DR0\Partition0
09:12:37.0234 4048 D: <-> \Device\Harddisk1\DR1\Partition0
09:12:37.0234 4048 ============================================================
09:12:37.0234 4048 Initialize success
09:12:37.0234 4048 ============================================================
09:12:44.0484 3136 ============================================================
09:12:44.0484 3136 Scan started
09:12:44.0484 3136 Mode: Manual; SigCheck; TDLFS;
09:12:44.0484 3136 ============================================================
09:12:44.0812 3136 Abiosdsk - ok
09:12:44.0812 3136 abp480n5 - ok
09:12:44.0843 3136 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:12:44.0984 3136 ACPI - ok
09:12:45.0015 3136 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:12:45.0093 3136 ACPIEC - ok
09:12:45.0156 3136 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:12:45.0156 3136 AdobeFlashPlayerUpdateSvc - ok
09:12:45.0171 3136 adpu160m - ok
09:12:45.0187 3136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:12:45.0250 3136 aec - ok
09:12:45.0265 3136 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:12:45.0296 3136 AFD - ok
09:12:45.0296 3136 Aha154x - ok
09:12:45.0296 3136 aic78u2 - ok
09:12:45.0296 3136 aic78xx - ok
09:12:45.0343 3136 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
09:12:45.0406 3136 Alerter - ok
09:12:45.0421 3136 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
09:12:45.0453 3136 ALG - ok
09:12:45.0453 3136 AliIde - ok
09:12:45.0515 3136 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
09:12:45.0906 3136 Ambfilt - ok
09:12:45.0937 3136 AmdK8 - ok
09:12:45.0953 3136 amsint - ok
09:12:46.0046 3136 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
09:12:46.0062 3136 AntiVirMailService - ok
09:12:46.0078 3136 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Programme\Avira\AntiVir Desktop\sched.exe
09:12:46.0093 3136 AntiVirSchedulerService - ok
09:12:46.0109 3136 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:12:46.0109 3136 AntiVirService - ok
09:12:46.0156 3136 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:12:46.0156 3136 AntiVirWebService - ok
09:12:46.0187 3136 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
09:12:46.0234 3136 AppMgmt - ok
09:12:46.0234 3136 asc - ok
09:12:46.0234 3136 asc3350p - ok
09:12:46.0250 3136 asc3550 - ok
09:12:46.0312 3136 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:12:46.0312 3136 aspnet_state - ok
09:12:46.0343 3136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:12:46.0390 3136 AsyncMac - ok
09:12:46.0406 3136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:12:46.0484 3136 atapi - ok
09:12:46.0484 3136 Atdisk - ok
09:12:46.0515 3136 Ati HotKey Poller (43c1105ca8492931b45f1a090fa562c8) C:\WINDOWS\system32\Ati2evxx.exe
09:12:46.0531 3136 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0531 3136 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
09:12:46.0687 3136 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:12:46.0796 3136 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0796 3136 ati2mtag - detected UnsignedFile.Multi.Generic (1)
09:12:46.0921 3136 AtiHdmiService (b9bc23b57765c167806a1feb7a3d16a6) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:12:46.0921 3136 AtiHdmiService - ok
09:12:46.0937 3136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:12:47.0000 3136 Atmarpc - ok
09:12:47.0015 3136 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
09:12:47.0078 3136 AudioSrv - ok
09:12:47.0109 3136 audstub (d9f724aa26c010a217c97606b160ed68)
C:\WINDOWS\system32\DRIVERS\audstub.sys 09:12:47.0156 3136 audstub - ok 09:12:47.0171 3136 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 09:12:47.0187 3136 avgntflt - ok 09:12:47.0203 3136 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 09:12:47.0203 3136 avipbb - ok 09:12:47.0218 3136 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 09:12:47.0218 3136 avkmgr - ok 09:12:47.0234 3136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 09:12:47.0281 3136 Beep - ok 09:12:47.0328 3136 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 09:12:47.0390 3136 BITS - ok 09:12:47.0406 3136 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys 09:12:47.0468 3136 brfilt - ok 09:12:47.0484 3136 Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe 09:12:47.0484 3136 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning 09:12:47.0484 3136 Brother XP spl Service - detected UnsignedFile.Multi.Generic (1) 09:12:47.0500 3136 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 09:12:47.0562 3136 Browser - ok 09:12:47.0593 3136 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys 09:12:47.0640 3136 brparimg - ok 09:12:47.0687 3136 BrParWdm (19ec96ac43413d39fdac0449b5879339) C:\WINDOWS\system32\Drivers\BrParwdm.sys 09:12:47.0718 3136 BrParWdm - ok 09:12:47.0734 3136 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys 09:12:47.0796 3136 BrSerWDM - ok 09:12:47.0812 3136 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys 09:12:47.0859 3136 BrUsbMdm - ok 09:12:47.0875 3136 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys 09:12:47.0921 3136 BrUsbScn - ok 09:12:47.0968 3136 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) 
C:\WINDOWS\system32\drivers\TBPANEL.SYS 09:12:47.0984 3136 Cardex - ok 09:12:48.0000 3136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 09:12:48.0046 3136 cbidf2k - ok 09:12:48.0062 3136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 09:12:48.0125 3136 CCDECODE - ok 09:12:48.0140 3136 cd20xrnt - ok 09:12:48.0140 3136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 09:12:48.0203 3136 Cdaudio - ok 09:12:48.0203 3136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 09:12:48.0265 3136 Cdfs - ok 09:12:48.0281 3136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:12:48.0343 3136 Cdrom - ok 09:12:48.0343 3136 Changer - ok 09:12:48.0359 3136 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 09:12:48.0421 3136 CiSvc - ok 09:12:48.0437 3136 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 09:12:48.0484 3136 ClipSrv - ok 09:12:48.0562 3136 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:12:48.0578 3136 clr_optimization_v2.0.50727_32 - ok 09:12:48.0578 3136 CmdIde - ok 09:12:48.0578 3136 COMSysApp - ok 09:12:48.0593 3136 Cpqarray - ok 09:12:48.0609 3136 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 09:12:48.0656 3136 CryptSvc - ok 09:12:48.0671 3136 dac2w2k - ok 09:12:48.0671 3136 dac960nt - ok 09:12:48.0703 3136 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 09:12:48.0734 3136 DcomLaunch - ok 09:12:48.0734 3136 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys 09:12:48.0750 3136 DgiVecp ( UnsignedFile.Multi.Generic ) - warning 09:12:48.0750 3136 DgiVecp - detected UnsignedFile.Multi.Generic (1) 09:12:48.0765 3136 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 
09:12:48.0828 3136 Dhcp - ok 09:12:48.0828 3136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 09:12:48.0890 3136 Disk - ok 09:12:48.0890 3136 dmadmin - ok 09:12:48.0921 3136 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 09:12:49.0000 3136 dmboot - ok 09:12:49.0015 3136 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 09:12:49.0062 3136 dmio - ok 09:12:49.0062 3136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 09:12:49.0125 3136 dmload - ok 09:12:49.0125 3136 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 09:12:49.0187 3136 dmserver - ok 09:12:49.0218 3136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 09:12:49.0265 3136 DMusic - ok 09:12:49.0281 3136 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 09:12:49.0312 3136 Dnscache - ok 09:12:49.0343 3136 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 09:12:49.0406 3136 Dot3svc - ok 09:12:49.0421 3136 dpti2o - ok 09:12:49.0421 3136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 09:12:49.0468 3136 drmkaud - ok 09:12:49.0484 3136 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 09:12:49.0546 3136 EapHost - ok 09:12:49.0546 3136 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 09:12:49.0593 3136 ERSvc - ok 09:12:49.0625 3136 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 09:12:49.0625 3136 Eventlog - ok 09:12:49.0656 3136 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 09:12:49.0671 3136 EventSystem - ok 09:12:49.0703 3136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 09:12:49.0750 3136 Fastfat - ok 09:12:49.0781 3136 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) 
C:\WINDOWS\System32\shsvcs.dll 09:12:49.0812 3136 FastUserSwitchingCompatibility - ok 09:12:49.0828 3136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 09:12:49.0890 3136 Fdc - ok 09:12:49.0906 3136 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 09:12:49.0968 3136 Fips - ok 09:12:50.0093 3136 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Programme\MSI\Live Update 4\LU4\FLASHSYS.sys 09:12:50.0093 3136 FLASHSYS ( UnsignedFile.Multi.Generic ) - warning 09:12:50.0093 3136 FLASHSYS - detected UnsignedFile.Multi.Generic (1) 09:12:50.0109 3136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 09:12:50.0171 3136 Flpydisk - ok 09:12:50.0218 3136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 09:12:50.0265 3136 FltMgr - ok 09:12:50.0375 3136 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 09:12:50.0375 3136 FontCache3.0.0.0 - ok 09:12:50.0406 3136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:12:50.0468 3136 Fs_Rec - ok 09:12:50.0468 3136 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:12:50.0531 3136 Ftdisk - ok 09:12:50.0546 3136 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys 09:12:50.0562 3136 gdrv - ok 09:12:50.0578 3136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 09:12:50.0578 3136 GEARAspiWDM - ok 09:12:50.0593 3136 GenericMount (69f8f310654d699c7e5bd5c67279980f) C:\WINDOWS\system32\DRIVERS\GenericMount.sys 09:12:50.0609 3136 GenericMount - ok 09:12:50.0687 3136 GenericMount Helper Service (5f0f786d91087c0a76c3ef689a51ca48) C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe 09:12:50.0718 3136 GenericMount Helper Service - ok 09:12:50.0734 3136 GMSIPCI - ok 09:12:50.0796 3136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) 
C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:12:50.0875 3136 Gpc - ok 09:12:50.0953 3136 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe 09:12:50.0968 3136 gupdate - ok 09:12:50.0968 3136 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe 09:12:50.0968 3136 gupdatem - ok 09:12:50.0984 3136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 09:12:51.0062 3136 HDAudBus - ok 09:12:51.0109 3136 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:12:51.0171 3136 helpsvc - ok 09:12:51.0187 3136 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll 09:12:51.0250 3136 HidServ - ok 09:12:51.0265 3136 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 09:12:51.0328 3136 hidusb - ok 09:12:51.0343 3136 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 09:12:51.0406 3136 hkmsvc - ok 09:12:51.0406 3136 hpn - ok 09:12:51.0437 3136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 09:12:51.0468 3136 HTTP - ok 09:12:51.0484 3136 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 09:12:51.0546 3136 HTTPFilter - ok 09:12:51.0546 3136 i2omgmt - ok 09:12:51.0562 3136 i2omp - ok 09:12:51.0562 3136 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:12:51.0625 3136 i8042prt - ok 09:12:51.0781 3136 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:12:51.0796 3136 idsvc - ok 09:12:51.0812 3136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 09:12:51.0859 3136 Imapi - ok 09:12:51.0890 3136 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 09:12:51.0953 3136 ImapiService - ok 09:12:51.0953 3136 ini910u - ok 09:12:52.0125 3136 IntcAzAudAddService 
(1f46c4aee30e8a2ec20011f2e64d367e) C:\WINDOWS\system32\drivers\RtkHDAud.sys 09:12:52.0250 3136 IntcAzAudAddService - ok 09:12:52.0328 3136 IntelIde - ok 09:12:52.0328 3136 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 09:12:52.0390 3136 intelppm - ok 09:12:52.0406 3136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 09:12:52.0468 3136 Ip6Fw - ok 09:12:52.0484 3136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:12:52.0531 3136 IpFilterDriver - ok 09:12:52.0531 3136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:12:52.0593 3136 IpInIp - ok 09:12:52.0609 3136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:12:52.0671 3136 IpNat - ok 09:12:52.0671 3136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:12:52.0734 3136 IPSec - ok 09:12:52.0750 3136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 09:12:52.0781 3136 IRENUM - ok 09:12:52.0796 3136 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:12:52.0859 3136 isapnp - ok 09:12:52.0921 3136 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 09:12:52.0937 3136 JavaQuickStarterService - ok 09:12:52.0953 3136 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:12:53.0015 3136 Kbdclass - ok 09:12:53.0015 3136 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 09:12:53.0078 3136 kbdhid - ok 09:12:53.0109 3136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 09:12:53.0171 3136 kmixer - ok 09:12:53.0187 3136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 09:12:53.0218 3136 KSecDD - ok 09:12:53.0234 3136 L1c (573337205057e22e13da1ffbc66a8aaf) 
C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 09:12:53.0250 3136 L1c - ok 09:12:53.0281 3136 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 09:12:53.0312 3136 LanmanServer - ok 09:12:53.0359 3136 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 09:12:53.0375 3136 lanmanworkstation - ok 09:12:53.0375 3136 lbrtfdc - ok 09:12:53.0546 3136 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 09:12:53.0625 3136 LiveUpdate - ok 09:12:53.0750 3136 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 09:12:53.0796 3136 LmHosts - ok 09:12:53.0859 3136 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 09:12:53.0859 3136 MBAMProtector - ok 09:12:53.0953 3136 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 09:12:53.0968 3136 MBAMService - ok 09:12:54.0015 3136 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 09:12:54.0031 3136 MDM - ok 09:12:54.0046 3136 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 09:12:54.0109 3136 Messenger - ok 09:12:54.0140 3136 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys 09:12:54.0203 3136 mf - ok 09:12:54.0234 3136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 09:12:54.0281 3136 mnmdd - ok 09:12:54.0328 3136 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 09:12:54.0390 3136 mnmsrvc - ok 09:12:54.0421 3136 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 09:12:54.0468 3136 Modem - ok 09:12:54.0531 3136 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 09:12:54.0562 3136 Monfilt - ok 09:12:54.0578 3136 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:12:54.0640 3136 Mouclass - 
ok 09:12:54.0640 3136 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:12:54.0703 3136 mouhid - ok 09:12:54.0718 3136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 09:12:54.0781 3136 MountMgr - ok 09:12:54.0812 3136 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 09:12:54.0812 3136 MozillaMaintenance - ok 09:12:54.0828 3136 mraid35x - ok 09:12:54.0843 3136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:12:54.0890 3136 MRxDAV - ok 09:12:54.0937 3136 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:12:54.0968 3136 MRxSmb - ok 09:12:55.0000 3136 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 09:12:55.0062 3136 MSDTC - ok 09:12:55.0062 3136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 09:12:55.0125 3136 Msfs - ok 09:12:55.0125 3136 MSIServer - ok 09:12:55.0156 3136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:12:55.0218 3136 MSKSSRV - ok 09:12:55.0234 3136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:12:55.0281 3136 MSPCLOCK - ok 09:12:55.0296 3136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 09:12:55.0343 3136 MSPQM - ok 09:12:55.0343 3136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:12:55.0406 3136 mssmbios - ok 09:12:55.0437 3136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 09:12:55.0484 3136 MSTEE - ok 09:12:55.0500 3136 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 09:12:55.0531 3136 MTsensor - ok 09:12:55.0562 3136 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 09:12:55.0593 3136 Mup - ok 09:12:55.0625 3136 NABTSFEC 
(5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 09:12:55.0671 3136 NABTSFEC - ok 09:12:55.0687 3136 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 09:12:55.0750 3136 napagent - ok 09:12:55.0765 3136 NasPmService - ok 09:12:55.0781 3136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 09:12:55.0843 3136 NDIS - ok 09:12:55.0859 3136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 09:12:55.0906 3136 NdisIP - ok 09:12:55.0984 3136 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:12:56.0000 3136 NdisTapi - ok 09:12:56.0015 3136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:12:56.0078 3136 Ndisuio - ok 09:12:56.0093 3136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:12:56.0140 3136 NdisWan - ok 09:12:56.0187 3136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 09:12:56.0203 3136 NDProxy - ok 09:12:56.0218 3136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 09:12:56.0265 3136 NetBIOS - ok 09:12:56.0281 3136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 09:12:56.0343 3136 NetBT - ok 09:12:56.0359 3136 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 09:12:56.0406 3136 NetDDE - ok 09:12:56.0406 3136 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 09:12:56.0468 3136 NetDDEdsdm - ok 09:12:56.0484 3136 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 09:12:56.0531 3136 Netlogon - ok 09:12:56.0546 3136 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 09:12:56.0609 3136 Netman - ok 09:12:56.0734 3136 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 
09:12:56.0734 3136 NetTcpPortSharing - ok 09:12:56.0765 3136 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 09:12:56.0781 3136 Nla - ok 09:12:56.0937 3136 Norton Ghost (a1787754952a0b700e386dc7c5fa5726) C:\Programme\Norton Ghost\Agent\VProSvc.exe 09:12:57.0031 3136 Norton Ghost - ok 09:12:57.0140 3136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 09:12:57.0203 3136 Npfs - ok 09:12:57.0203 3136 NTACCESS - ok 09:12:57.0234 3136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 09:12:57.0296 3136 Ntfs - ok 09:12:57.0312 3136 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 09:12:57.0359 3136 NtLmSsp - ok 09:12:57.0406 3136 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 09:12:57.0453 3136 NtmsSvc - ok 09:12:57.0468 3136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 09:12:57.0531 3136 Null - ok 09:12:57.0546 3136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:12:57.0609 3136 NwlnkFlt - ok 09:12:57.0609 3136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:12:57.0656 3136 NwlnkFwd - ok 09:12:57.0781 3136 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 09:12:57.0796 3136 odserv - ok 09:12:57.0812 3136 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 09:12:57.0828 3136 ose - ok 09:12:57.0953 3136 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:12:58.0062 3136 osppsvc - ok 09:12:58.0171 3136 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 09:12:58.0234 3136 Parport - ok 09:12:58.0250 3136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 09:12:58.0312 
3136 PartMgr - ok 09:12:58.0328 3136 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 09:12:58.0390 3136 ParVdm - ok 09:12:58.0406 3136 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 09:12:58.0468 3136 PCI - ok 09:12:58.0468 3136 PCIDump - ok 09:12:58.0468 3136 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 09:12:58.0531 3136 PCIIde - ok 09:12:58.0546 3136 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 09:12:58.0609 3136 Pcmcia - ok 09:12:58.0609 3136 PDCOMP - ok 09:12:58.0609 3136 PDFRAME - ok 09:12:58.0609 3136 PDRELI - ok 09:12:58.0625 3136 PDRFRAME - ok 09:12:58.0625 3136 perc2 - ok 09:12:58.0625 3136 perc2hib - ok 09:12:58.0671 3136 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 09:12:58.0671 3136 PlugPlay - ok 09:12:58.0671 3136 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 09:12:58.0734 3136 PolicyAgent - ok 09:12:58.0750 3136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:12:58.0796 3136 PptpMiniport - ok 09:12:58.0828 3136 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 09:12:58.0890 3136 Processor - ok 09:12:58.0890 3136 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 09:12:58.0937 3136 ProtectedStorage - ok 09:12:58.0953 3136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 09:12:59.0015 3136 PSched - ok 09:12:59.0031 3136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:12:59.0078 3136 Ptilink - ok 09:12:59.0093 3136 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 09:12:59.0093 3136 PxHelp20 - ok 09:12:59.0109 3136 ql1080 - ok 09:12:59.0109 3136 Ql10wnt - ok 09:12:59.0109 3136 ql12160 - ok 09:12:59.0109 3136 ql1240 - ok 09:12:59.0125 3136 ql1280 - ok 
09:12:59.0140 3136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:12:59.0187 3136 RasAcd - ok 09:12:59.0203 3136 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 09:12:59.0265 3136 RasAuto - ok 09:12:59.0265 3136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:12:59.0328 3136 Rasl2tp - ok 09:12:59.0343 3136 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 09:12:59.0390 3136 RasMan - ok 09:12:59.0406 3136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:12:59.0453 3136 RasPppoe - ok 09:12:59.0453 3136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 09:12:59.0515 3136 Raspti - ok 09:12:59.0531 3136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:12:59.0578 3136 Rdbss - ok 09:12:59.0578 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:12:59.0640 3136 RDPCDD - ok 09:12:59.0671 3136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:12:59.0718 3136 rdpdr - ok 09:12:59.0750 3136 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 09:12:59.0781 3136 RDPWD - ok 09:12:59.0796 3136 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 09:12:59.0843 3136 RDSessMgr - ok 09:12:59.0859 3136 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 09:12:59.0906 3136 redbook - ok 09:12:59.0937 3136 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 09:12:59.0984 3136 RemoteAccess - ok 09:13:00.0000 3136 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 09:13:00.0062 3136 RemoteRegistry - ok 09:13:00.0062 3136 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 09:13:00.0125 3136 RpcLocator - ok 09:13:00.0156 3136 RpcSs 
(3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 09:13:00.0171 3136 RpcSs - ok 09:13:00.0187 3136 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 09:13:00.0234 3136 RSVP - ok 09:13:00.0265 3136 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 09:13:00.0312 3136 SamSs - ok 09:13:00.0328 3136 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 09:13:00.0390 3136 SCardSvr - ok 09:13:00.0406 3136 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 09:13:00.0453 3136 Schedule - ok 09:13:00.0468 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:13:00.0500 3136 Secdrv - ok 09:13:00.0500 3136 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 09:13:00.0562 3136 seclogon - ok 09:13:00.0562 3136 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 09:13:00.0625 3136 SENS - ok 09:13:00.0625 3136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 09:13:00.0671 3136 serenum - ok 09:13:00.0687 3136 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 09:13:00.0734 3136 Serial - ok 09:13:00.0750 3136 SetupNTGLM7X - ok 09:13:00.0750 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 09:13:00.0812 3136 Sfloppy - ok 09:13:00.0843 3136 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 09:13:00.0843 3136 ShellHWDetection - ok 09:13:00.0843 3136 Simbad - ok 09:13:00.0875 3136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 09:13:00.0921 3136 SLIP - ok 09:13:00.0937 3136 Sparrow - ok 09:13:00.0968 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 09:13:01.0015 3136 splitter - ok 09:13:01.0031 3136 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 09:13:01.0062 3136 Spooler - ok 
09:13:01.0078 3136 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 09:13:01.0109 3136 sr - ok 09:13:01.0125 3136 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 09:13:01.0156 3136 srservice - ok 09:13:01.0171 3136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 09:13:01.0203 3136 Srv - ok 09:13:01.0265 3136 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 09:13:01.0296 3136 SSDPSRV - ok 09:13:01.0312 3136 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 09:13:01.0312 3136 ssmdrv - ok 09:13:01.0312 3136 SSPORT - ok 09:13:01.0343 3136 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 09:13:01.0390 3136 stisvc - ok 09:13:01.0421 3136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 09:13:01.0468 3136 streamip - ok 09:13:01.0484 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 09:13:01.0546 3136 swenum - ok 09:13:01.0562 3136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 09:13:01.0609 3136 swmidi - ok 09:13:01.0609 3136 SwPrv - ok 09:13:01.0625 3136 Symantec SymSnap VSS Provider - ok 09:13:01.0625 3136 symc810 - ok 09:13:01.0625 3136 symc8xx - ok 09:13:01.0640 3136 symsnap (a5cf31080e99718949bcc38c83f13452) C:\WINDOWS\system32\DRIVERS\symsnap.sys 09:13:01.0656 3136 symsnap - ok 09:13:01.0765 3136 SymSnapService (21ff886e6f679fc1eb352f231e846357) C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe 09:13:01.0812 3136 SymSnapService - ok 09:13:01.0906 3136 sym_hi - ok 09:13:01.0906 3136 sym_u3 - ok 09:13:01.0937 3136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 09:13:01.0984 3136 sysaudio - ok 09:13:02.0000 3136 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 09:13:02.0062 3136 SysmonLog - ok 09:13:02.0078 3136 TapiSrv 
(05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 09:13:02.0140 3136 TapiSrv - ok 09:13:02.0171 3136 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys 09:13:02.0171 3136 TBPanel - ok 09:13:02.0218 3136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:13:02.0234 3136 Tcpip - ok 09:13:02.0250 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 09:13:02.0296 3136 TDPIPE - ok 09:13:02.0328 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 09:13:02.0375 3136 TDTCP - ok 09:13:02.0390 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 09:13:02.0437 3136 TermDD - ok 09:13:02.0468 3136 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 09:13:02.0531 3136 TermService - ok 09:13:02.0562 3136 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 09:13:02.0562 3136 Themes - ok 09:13:02.0593 3136 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 09:13:02.0625 3136 TlntSvr - ok 09:13:02.0687 3136 TomTomHOMEService (747e60b773e95f6c93d5621b550d6865) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe 09:13:02.0703 3136 TomTomHOMEService - ok 09:13:02.0703 3136 TosIde - ok 09:13:02.0718 3136 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 09:13:02.0765 3136 TrkWks - ok 09:13:02.0796 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 09:13:02.0859 3136 Udfs - ok 09:13:02.0859 3136 ultra - ok 09:13:02.0890 3136 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 09:13:02.0921 3136 UMWdf - ok 09:13:02.0953 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 09:13:03.0015 3136 Update - ok 09:13:03.0046 3136 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 09:13:03.0078 3136 upnphost - ok 
09:13:03.0093 3136 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 09:13:03.0140 3136 UPS - ok 09:13:03.0187 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:13:03.0234 3136 usbccgp - ok 09:13:03.0265 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:13:03.0312 3136 usbehci - ok 09:13:03.0328 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:13:03.0390 3136 usbhub - ok 09:13:03.0406 3136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 09:13:03.0468 3136 usbohci - ok 09:13:03.0484 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 09:13:03.0531 3136 usbprint - ok 09:13:03.0562 3136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 09:13:03.0625 3136 usbscan - ok 09:13:03.0640 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:13:03.0703 3136 USBSTOR - ok 09:13:03.0703 3136 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 09:13:03.0750 3136 usbuhci - ok 09:13:03.0765 3136 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys 09:13:03.0781 3136 v2imount - ok 09:13:03.0796 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 09:13:03.0859 3136 VgaSave - ok 09:13:03.0859 3136 ViaIde - ok 09:13:03.0890 3136 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 09:13:03.0937 3136 VolSnap - ok 09:13:03.0968 3136 VProEventMonitor (ef3506b04eb9124240b35148eaacbaa5) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys 09:13:03.0984 3136 VProEventMonitor - ok 09:13:04.0000 3136 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 09:13:04.0031 3136 VSS - ok 09:13:04.0046 3136 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 
09:13:04.0093 3136 W32Time - ok 09:13:04.0109 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:13:04.0156 3136 Wanarp - ok 09:13:04.0187 3136 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 09:13:04.0187 3136 Wdf01000 - ok 09:13:04.0203 3136 WDICA - ok 09:13:04.0234 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 09:13:04.0281 3136 wdmaud - ok 09:13:04.0312 3136 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 09:13:04.0359 3136 WebClient - ok 09:13:04.0390 3136 WimFltr (090a2b8f055343815556a01f725f6c35) C:\WINDOWS\system32\DRIVERS\wimfltr.sys 09:13:04.0390 3136 WimFltr - ok 09:13:04.0453 3136 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 09:13:04.0515 3136 winmgmt - ok 09:13:04.0546 3136 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll 09:13:04.0578 3136 WmdmPmSN - ok 09:13:04.0625 3136 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 09:13:04.0640 3136 Wmi - ok 09:13:04.0671 3136 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 09:13:04.0734 3136 WmiApSrv - ok 09:13:04.0750 3136 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 09:13:04.0796 3136 WS2IFSL - ok 09:13:04.0828 3136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 09:13:04.0875 3136 WSTCODEC - ok 09:13:04.0890 3136 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 09:13:04.0953 3136 wuauserv - ok 09:13:05.0000 3136 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 09:13:05.0062 3136 WZCSVC - ok 09:13:05.0078 3136 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 09:13:05.0140 3136 xmlprov - ok 09:13:05.0156 3136 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 09:13:05.0484 3136 
\Device\Harddisk0\DR0 - ok
09:13:05.0500 3136 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
09:13:05.0593 3136 \Device\Harddisk1\DR1 - ok
09:13:05.0593 3136 Boot (0x1200) (868e012d973accae0d1592423c8d42ba) \Device\Harddisk0\DR0\Partition0
09:13:05.0593 3136 \Device\Harddisk0\DR0\Partition0 - ok
09:13:05.0593 3136 Boot (0x1200) (7c30346982fc42fe47caf34a0f71cfd0) \Device\Harddisk1\DR1\Partition0
09:13:05.0593 3136 \Device\Harddisk1\DR1\Partition0 - ok
09:13:05.0593 3136 ============================================================
09:13:05.0593 3136 Scan finished
09:13:05.0593 3136 ============================================================
09:13:05.0703 1036 Detected object count: 5
09:13:05.0703 1036 Actual detected object count: 5
09:13:25.0250 1036 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0250 1036 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 FLASHSYS ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036 FLASHSYS ( UnsignedFile.Multi.Generic ) - User select action: Skip
Last edited by juzi74 (28.06.2012 at 08:15) |
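As an added example (not part of the thread, and not code from TDSSKiller or any of the tools mentioned), here is a small Python parser for the TDSSKiller log format posted above. It folds the per-record lines into one entry per driver, service or boot sector and separates the three things a helper wants to see at a glance: records that carry a verdict (in this log all of them are UnsignedFile.Multi.Generic, a heuristic name that says "unsigned file", not a named malware family), records marked "ok" for which no file was ever hashed (the service is registered but its binary was not on disk; SSPORT is such a case here, and the OTL log later in the thread lists it as "File not found"), and the MBR/boot-sector digests of both disks side by side so they can be compared. The sample input is constructed from lines on this page; the regular expressions are my own reading of the format, not an official grammar, and the function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines in the TDSSKiller log format, with the
# names, hashes and verdicts taken from the log posted in this thread. It is not
# a live run and only covers the record types the parser below understands.
SAMPLE_LOG = r"""
09:13:01.0078 3136 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
09:13:01.0109 3136 sr - ok
09:13:01.0312 3136 SSPORT - ok
09:13:05.0156 3136 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
09:13:05.0484 3136 \Device\Harddisk0\DR0 - ok
09:13:05.0500 3136 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
09:13:05.0593 3136 \Device\Harddisk1\DR1 - ok
09:13:05.0593 3136 Boot (0x1200) (868e012d973accae0d1592423c8d42ba) \Device\Harddisk0\DR0\Partition0
09:13:05.0593 3136 \Device\Harddisk0\DR0\Partition0 - ok
09:13:05.0703 1036 Detected object count: 5
09:13:25.0250 1036 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0250 1036 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0265 1036 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# Every record starts with a timestamp and a PID; the rest is one of four shapes.
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
# Order matters: an MBR/Boot sector record would also satisfy FILE, so it is tried first.
SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<action>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    kind: str = "file"                   # "file", "mbr" or "boot"
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"              # "ok", or the user's chosen action (e.g. "skip")
    verdicts: List[str] = field(default_factory=list)

    def heuristic_only(self) -> bool:
        """True when every verdict is the unsigned-file heuristic rather than a named family."""
        return bool(self.verdicts) and all(v.startswith("UnsignedFile.") for v in self.verdicts)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the one-record-per-line log into one Entry per service, driver or sector."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # banners, "Scan finished", object counts
        rest = m.group("rest")
        if (s := SECTOR.match(rest)):
            e = get(s.group("dev"))
            e.kind, e.md5, e.path = s.group("kind").lower(), s.group("md5"), s.group("size")
        elif (f := FILE.match(rest)):
            e = get(f.group("name"))
            e.md5, e.path = f.group("md5"), f.group("path")
        elif (d := DETECT.match(rest)):
            e = get(d.group("name"))
            if d.group("verdict") not in e.verdicts:
                e.verdicts.append(d.group("verdict"))
            action = d.group("action")
            if action.startswith("User select action:"):
                e.status = action.split(":", 1)[1].strip().lower()
        elif (o := OK.match(rest)):
            get(o.group("name")).status = "ok"
    return entries


def triage(entries: Dict[str, Entry]) -> List[str]:
    """Names that need a human look: anything with a verdict, or never confirmed 'ok'."""
    return sorted(e.name for e in entries.values() if e.verdicts or e.status != "ok")


def unhashed_ok(entries: Dict[str, Entry]) -> List[str]:
    """Registered services marked 'ok' without a hashed file: the binary was not on disk."""
    return sorted(e.name for e in entries.values()
                  if e.kind == "file" and e.status == "ok" and e.md5 is None
                  and not e.name.startswith("\\Device"))


def sector_digests(entries: Dict[str, Entry]) -> Dict[str, str]:
    """MD5 per MBR/boot-sector record, so both disks' sectors can be compared side by side."""
    return {e.name: e.md5 for e in entries.values() if e.kind in ("mbr", "boot") and e.md5}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("needs review:", triage(parsed))
    print("heuristic-only verdicts:", [n for n in triage(parsed) if parsed[n].heuristic_only()])
    print("ok but nothing hashed:", unhashed_ok(parsed))
    print("sector digests:", sector_digests(parsed))
```

Running it on the sample prints the two skipped services under "needs review" (both heuristic-only), SSPORT under "ok but nothing hashed", and three sector digests, of which Harddisk0 and Harddisk1 share the same MBR hash. A matching MBR hash on two disks is consistent with the same partitioning tool having written both and is not by itself a finding; the point of listing them side by side is that a later run can be diffed against this baseline.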
28.06.2012, 09:12 | #2 |
| TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer reports rootkit activity Hi,
we don't actually handle company machines here; that's the sysadmin's job... It is a company machine, isn't it? ;o) chris
|
28.06.2012, 09:19 | #3 |
| TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer reports rootkit activity It's the office PC of a non-profit association that runs a youth centre... Unfortunately there is no sysadmin here, that would be too good to be true.
|
28.06.2012, 09:45 | #4 |
| TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer reports rootkit activity Hi, let MAM clean up everything, then create and post a new OTL log... chris
Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
28.06.2012, 10:24 | #5 |
| TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer reports rootkit activity Many thanks in advance for the help... Here is what I did; a few odd things happened along the way:
1. Started a Quick Scan with MAM --> 5 infected objects
2. Clicked "Remove selected"
3. MAM asked for a restart
4. After the restart MAM again reported finding Trojan Sirefef and Rootkit.0ACCESS. I clicked Quarantine. Avira also reports 2 detections.
5. Disabled MAM + Avira and started an OTL Quick Scan. During the scan MAM reported twice in the system tray: "Access to a potentially dangerous website blocked" 89.28.19.174 and 109.236.84.71
6. After the scan re-enabled Avira and MAM, started Firefox.
7. While writing this text a window opened: "Data Execution Prevention: Notepad (Editor) is being closed for security reasons" (the log file was still open in the background.)
Here is the log of the latest OTL scan: Code:
ATTFilter OTL logfile created on: 28.06.2012 11:07:34 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,44% Memory free 5,34 Gb Paging File | 4,52 Gb Available in Paging File | 84,69% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 931,50 Gb Total Space | 899,11 Gb Free Space | 96,52% Space Free | Partition Type: NTFS Drive D: | 931,50 Gb Total Space | 651,39 Gb Free Space | 69,93% Space Free | Partition Type: NTFS Computer Name: BUERO-1 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.14 16:03:03 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Programme\Avira\AntiVir Desktop\avcenter.exe PRC - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 16:03:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.14 16:03:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe PRC - [2011.10.27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\NasNavi.exe PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.03.03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe PRC - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2009.05.15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) 
-- C:\Programme\BUFFALO\NASNAVI\nassche.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2001.08.18 04:54:46 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 08:56:45 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.14 08:15:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.14 08:14:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.13 13:31:18 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.14 16:03:04 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.05.11 12:49:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.11 12:49:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll MOD - [2012.05.10 14:43:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.10 14:42:39 | 007,953,408 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.10 14:42:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.03.14 18:18:51 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3748.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.03.14 18:18:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.03.14 18:18:51 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,053,248 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.03.14 18:18:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.03.14 18:18:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.03.14 18:18:50 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard\2.0.3748.36964__90ba9c70f846762e\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.03.14 18:18:50 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll MOD - [2011.03.14 18:18:50 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2011.03.14 18:18:49 | 
000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2011.03.14 18:18:48 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3748.36838__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.03.14 18:18:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:47 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.03.14 18:18:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.03.14 18:18:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.03.14 18:18:47 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.03.14 18:18:47 | 000,006,144 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.03.14 18:18:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.03.14 18:18:46 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.03.14 18:18:46 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.03.14 18:18:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.03.14 18:18:45 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.03.14 18:18:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.03.14 18:18:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.03.14 18:18:45 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2011.03.14 18:18:45 | 000,007,680 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.03.14 18:18:45 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.03.14 18:18:45 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,032,768 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.03.14 18:18:44 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.03.14 18:18:43 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2011.03.14 18:18:43 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.03.14 18:18:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.03.14 18:18:43 | 000,106,496 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.03.14 18:18:43 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.03.14 18:18:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.03.14 18:18:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.03.14 18:18:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.03.14 18:18:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.03.14 18:18:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2011.03.14 18:18:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2011.03.14 18:18:43 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.03.14 18:18:42 | 001,220,608 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.03.14 18:18:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.03.14 18:18:42 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2011.03.14 18:18:42 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.03.14 18:18:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.03.14 18:18:42 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.03.14 18:18:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll MOD - [2011.03.14 18:18:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll MOD - [2011.03.14 18:18:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.03.14 18:18:41 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.03.14 18:18:41 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.01.08 15:15:34 | 001,552,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.05.26 
20:15:36 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.05.26 20:15:35 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2007.06.03 09:46:31 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl66cl3.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.25 13:46:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.22 12:26:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) 
[Auto | Running] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2010.02.12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X) DRV - File not found [Kernel | 
On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8) DRV - [2012.05.14 16:03:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.14 16:03:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.11 16:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.20 10:44:24 | 006,026,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.04.08 10:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2010.02.12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount) DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap) DRV - [2009.09.04 07:46:08 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009.05.27 13:24:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008.04.14 08:03:54 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2008.01.19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount) DRV - [2007.12.14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2006.11.24 04:34:54 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2001.08.18 05:21:04 | 000,039,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm) Brother WDM-Treiber (parallel) DRV - [2001.08.17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg) DRV - [2001.08.17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn) Brother MFC-Scannertreiber (USB) DRV - [2001.08.17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://groupware.vfs-langenhagen.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 12:26:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 15:39:36 | 000,000,000 | ---D | M] [2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions [2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2012.05.02 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions [2010.07.02 14:23:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.08 14:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\admin\Anwendungsdaten\Mozilla\Sunbird\Profiles\6iyd0i52.default\extensions [2012.05.04 14:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.14 14:17:48 | 000,709,293 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\YX8GN338.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012.06.22 12:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.11 13:12:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2012.06.22 12:26:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.22 12:26:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.22 12:26:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.22 12:26:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 12:26:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 12:26:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.31 23:23:36 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2009 Zahlungserinnerung.lnk = C:\Programme\Quicken\2009\billmind.exe (Lexware GmbH & Co. 
KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 80 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - 
C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.05.19 18:28:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell - "" = AutoRun O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 10:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.06.28 09:07:11 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\admin\Desktop\TDSSKiller.exe [2012.06.27 11:41:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe [2012.06.27 10:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes [2012.06.27 10:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 
[2012.06.27 10:13:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.27 09:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2012.06.04 13:03:02 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [2012.05.31 10:29:28 | 000,000,000 | ---D | C] -- C:\Programme\Canon [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.28 11:12:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.28 11:03:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.28 11:03:21 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.28 11:03:18 | 000,002,644 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI [2012.06.28 11:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.28 11:02:39 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX [2012.06.28 10:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.27 11:40:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable [2012.06.27 11:19:52 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe [2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe [2012.06.27 10:13:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.25 21:19:12 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\admin\Desktop\TDSSKiller.exe [2012.06.21 09:39:37 | 
000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.14 08:13:18 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.13 13:31:31 | 000,499,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.13 13:31:31 | 000,475,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.13 13:31:31 | 000,101,642 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.13 13:31:31 | 000,084,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.13 13:28:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.04 13:03:10 | 000,001,034 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk [2012.06.04 13:02:54 | 000,001,026 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Dropbox.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.28 11:08:42 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ [2012.06.28 11:08:42 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ [2012.06.28 11:04:26 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ [2012.06.27 11:57:29 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe [2012.06.27 11:40:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable [2012.06.27 10:13:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.17 15:34:08 | 000,015,022 | ---- 
| C] () -- C:\WINDOWS\UN060501.INI [2012.02.15 16:17:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.31 18:12:44 | 000,001,040 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\advanced_ip_scanner_MAC.bin [2011.07.08 15:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.05.12 13:43:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.04.26 17:09:48 | 000,000,019 | ---- | C] () -- C:\WINDOWS\QwTools.INI [2011.03.14 18:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.03.14 18:17:24 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.03.14 18:17:24 | 000,202,234 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.03.14 18:17:24 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.03.14 18:17:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2011.03.14 18:17:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2011.03.14 17:44:23 | 000,021,536 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.03.14 17:44:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.03.14 17:37:13 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2011.03.14 17:33:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll [2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll [2010.12.02 14:18:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll [2010.12.02 14:18:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe [2010.12.02 13:54:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL [2010.11.18 15:49:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\capture.ini [2010.08.20 11:45:47 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\usb001 [2010.07.27 23:16:22 | 000,000,040 | ---- | C] () -- 
C:\WINDOWS\opt_9880.ini [2010.07.27 23:16:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2010.07.22 22:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT [2010.06.11 15:46:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.07.02 11:03:38 | 000,013,017 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL [2009.06.05 13:53:36 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.27 15:31:59 | 000,000,512 | ---- | C] () -- C:\Programme\hbedv.key [2009.05.27 13:39:16 | 003,211,264 | ---- | C] () -- C:\Programme\Gemeinsame DateienDDBACSetup.msi [2009.05.20 13:12:06 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@ [2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@ ========== LOP Check ========== [2009.05.27 13:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service [2010.11.15 14:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service GmbH [2012.02.21 16:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DL [2012.06.28 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox [2012.06.13 13:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FileZilla [2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\fotobuch.de AG [2012.03.01 19:09:09 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FreeFileSync
[2011.11.22 15:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\InfoRapid KnowledgeMap
[2009.05.20 13:12:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IsolatedStorage
[2009.05.27 13:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Lexware
[2012.02.17 16:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\MediaMonkey
[2012.04.17 15:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\NASNaviator2
[2010.07.13 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Notepad++
[2009.06.11 09:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OfficeUpdate12
[2012.06.27 11:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify
[2012.02.10 16:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\streamripper
[2010.12.02 11:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TomTom
[2009.05.27 13:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2009.05.27 13:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012.02.10 17:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
[2010.11.18 15:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.12.02 11:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.04.18 14:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}

========== Purity Check ==========

< End of report >
|
28.06.2012, 10:34 | #6 |
| Hi, download ComboFix (see below), but don't start it yet... Run the script in OTL, go offline, boot the computer into Safe Mode (F8 while booting), then start CF offline... After that, still offline, a full scan with MAM. Save all logs, then go online and post them; also create a new OTL log and post it... Fix for OTL:
Code:
:OTL
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2012.06.28 11:08:42 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@
[2012.06.28 11:08:42 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@
[2012.06.28 11:04:26 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@
[2012.06.27 11:57:29 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe
:Commands
[emptytemp]
[Reboot]
Combofix: Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Caution: in a few rare cases the computer can no longer boot afterwards and has to be reinstalled from scratch! Close all windows, start combofix.exe and confirm the prompt that follows with 1 and press Enter. The ComboFix scan can take a while, so be patient. Don't do anything on the computer during the scan. The computer may be restarted in between. When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt... chris
28.06.2012, 11:09 | #7 |
| I started OTL, pasted the code into Custom Scans/Fixes, then clicked FIX. Now the status bar at the bottom of OTL has been saying "Killing processes. DO NOT INTERRUPT..." for almost 15 minutes. Is it normal for the killing-processes step to take this long? Meanwhile Avira has popped up again; could Avira be getting in the way? Now the OTL window title bar also says "Not responding". What should I do? I reset the PC, it wasn't responding at all any more. Restart, detection messages from MAM + Avira, deactivated both, started OTL, pasted the code, Fix. And the same thing again. MAM pops up in the taskbar, but I can't see what the message is, it goes ping and everything freezes. OTL says "Killing processes...", Task Manager won't open. |
28.06.2012, 12:27 | #8 |
| Hi, boot into Safe Mode (F8 while booting), then deactivate the scanners and try again... If that doesn't work, let CF loose in Safe Mode! chris
28.06.2012, 13:52 | #9 |
| I had OTL fix the files in Safe Mode, and ComboFix ran through in Safe Mode, but before the scan it complained that the Avira Desktop real-time scanner was still active. It definitely was not in the system tray and could not be seen as a process in Task Manager either. Then came the message that no Recovery Console was present (downloading didn't work, since I was in Safe Mode without internet) and that therefore it might not be possible to scan intensively; I clicked continue anyway. Logs will follow tomorrow, because the MAM full scan is running right now and I have to leave soon. Thanks a lot for your help so far! Hello, after the restart there was no alarm from Avira or MAM. Here are the logs:
Code:
All processes killed
========== OTL ==========
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ moved successfully.
C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 297403564 bytes
->Temporary Internet Files folder emptied: 139755698 bytes
->Java cache emptied: 33952315 bytes
->FireFox cache emptied: 673529797 bytes
->Flash cache emptied: 3598 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2264730 bytes
->Flash cache emptied: 405 bytes

User: Mitarbeiter
->Temp folder emptied: 1464403 bytes
->Temporary Internet Files folder emptied: 538488 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52130285 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6037163 bytes

User: Sascha
->Temp folder emptied: 6220770 bytes
->Temporary Internet Files folder emptied: 276377 bytes
->Java cache emptied: 84540735 bytes
->FireFox cache emptied: 103291946 bytes
->Flash cache emptied: 3466 bytes

User: Vorlagen

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 24514567 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12324617 bytes
RecycleBin emptied: 12125029 bytes

Total Files Cleaned = 1.385,00 mb

OTL by OldTimer - Version 3.2.53.0 log created on 06282012_135220
Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
admin :: BUERO-1 [Administrator]

Protection: Disabled

28.06.2012 14:38:47
mbam-log-2012-06-29 (13-32-26).txt

Scan type: Full scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 344995
Time elapsed: 1 hour(s), 8 minute(s), 11 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 4
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n.vir (Trojan.Dropper.PE4) -> No action taken.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)
Code:
ATTFilter ComboFix 12-06-28.01 - admin 28.06.2012 14:13:42.1.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3583.3278 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91} c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\assembly\tmp c:\dokumente und einstellungen\admin\WINDOWS c:\windows\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91} . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 )))))))))))))))))))))))))))))) . . 2012-06-28 09:45 . 2012-06-28 09:45 -------- d-----w- C:\_OTL 2012-06-28 08:58 . 2012-06-28 08:58 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten 2012-06-27 08:13 . 2012-06-27 08:13 -------- d-----w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Malwarebytes 2012-06-27 08:13 . 2012-06-27 08:13 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-06-27 08:13 . 2012-06-27 08:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-06-27 08:13 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-22 10:26 . 2012-06-22 10:26 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll 2012-06-22 10:26 . 2012-06-22 10:26 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll 2012-06-13 07:45 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-04 11:03 . 
2012-06-04 11:03 -------- d-----w- c:\programme\Dropbox 2012-05-31 08:29 . 2012-05-31 08:29 -------- d-----w- c:\programme\Canon . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 11:46 . 2012-04-02 10:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-25 11:46 . 2011-05-19 06:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 13:19 . 2009-05-19 16:27 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-05-19 16:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2009-05-19 16:27 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2009-05-19 16:27 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-05-19 16:27 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2008-04-14 05:52 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-16 12:08 23576 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-05-19 16:27 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-05-19 16:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2009-12-03 07:43 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2009-12-03 07:43 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18 . 2009-12-03 07:43 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2008-04-14 05:52 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:07 . 2008-04-14 05:52 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:56 . 
2008-04-14 05:23 1863296 ----a-w- c:\windows\system32\win32k.sys 2012-05-14 14:03 . 2012-02-09 13:57 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-14 14:03 . 2012-02-09 13:57 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-11 14:40 . 2008-04-14 05:53 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 14:40 . 2008-04-14 05:52 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 11:38 . 2008-04-14 05:25 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14 . 2008-04-14 07:30 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-05 03:14 . 2008-04-14 05:29 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-02 13:46 . 2009-05-19 16:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-11 11:12 . 2012-04-11 11:12 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-11 11:12 . 2010-07-01 10:27 472808 ----a-w- c:\windows\system32\deployJava1.dll 2009-10-13 10:56 . 2009-05-27 11:39 3211264 ----a-w- c:\programme\Gemeinsame DateienDDBACSetup.msi 2012-06-22 10:26 . 2011-03-29 10:55 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll 2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\dokumente und einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2010-04-20 19523616] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400] "Norton Ghost 15.0"="c:\programme\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-11 536576] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624] "WinampAgent"="c:\programme\Winamp\winampa.exe" [2011-12-09 74752] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "OTL"="c:\dokumente und einstellungen\admin\Desktop\OTL.exe" [2012-06-27 596992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\admin\Startmenü\Programme\Autostart\ BUFFALO NAS Navigator2.lnk - c:\programme\BUFFALO\NASNAVI\NasNavi.exe [2012-4-17 1927120] Dropbox.lnk - c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] NAS Scheduler.lnk - c:\programme\BUFFALO\NASNAVI\nassche.exe [2012-4-17 206128] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Quicken 2009 Zahlungserinnerung.lnk - c:\programme\Quicken\2009\billmind.exe [2008-5-20 98304] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 80 (0x50) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SmartUI.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SmartUI.lnk backup=c:\windows\pss\SmartUI.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST] = [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-04-04 05:53 35736 ----a-w- c:\programme\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2002-08-08 10:09 36864 ----a-w- c:\programme\Scansoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService] 2007-09-25 11:59 532776 ----a-w- c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 05:52 1695232 ------w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2002-08-08 09:38 45108 ----a-w- c:\programme\Scansoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2011-04-28 07:59 220552 ----a-w- c:\programme\pdf24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 12:02 254696 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel] 2009-02-03 15:27 2158592 ----a-w- c:\programme\Vtune\TBPANEL.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-08-24 09:38 247144 ----a-w- c:\programme\TomTom HOME 2\TomTomHOMERunner.exe . S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.02.2012 15:57 36000] S2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [09.02.2012 15:57 375760] S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.02.2012 15:58 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [09.02.2012 15:57 465360] S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [14.07.2011 13:43 136176] S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.06.2012 10:13 654408] S2 NasPmService;NAS PM Service;c:\programme\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 --> c:\programme\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 [?] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] 
S2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [24.08.2010 11:38 92008] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 12:53 250056] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.05.2009 19:15 1691480] S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [03.06.2009 15:32 2944] S3 brparimg;Brother Multifunktions-parallel-Image-Treiber;c:\windows\system32\drivers\BrParImg.sys [21.01.2010 10:54 3168] S3 BrParWdm;Brother WDM-Treiber (parallel);c:\windows\system32\drivers\BrParwdm.sys [21.01.2010 10:54 39808] S3 BrSerWDM;Brother WDM-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [03.06.2009 15:32 60416] S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [03.06.2009 15:32 11008] S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [03.06.2009 15:31 10368] S3 FLASHSYS;FLASHSYS;c:\programme\MSI\Live Update 4\LU4\FlashSys.sys [14.03.2011 19:38 9216] S3 GenericMount Helper Service;GenericMount Helper Service;c:\programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21.09.2009 20:25 1574408] S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [21.09.2009 20:26 57840] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.07.2011 13:43 136176] S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [14.03.2011 17:35 45056] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.06.2012 10:13 22344] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [04.05.2012 14:59 113120] S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 
[09.01.2010 21:37 4640000] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [14.04.2008 07:52 5120] S3 SymSnapService;SymSnapService;c:\programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [21.09.2009 20:19 1964528] . Inhalt des "geplante Tasks" Ordners . 2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:46] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-07-14 11:43] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-07-14 11:43] . . ------- Zusätzlicher Suchlauf ------- . IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll TCP: Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\ FF - prefs.js: browser.startup.homepage - hxxp://groupware.vfs-langenhagen.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Convert Image To PDF_is1 - c:\programme\Softinterface . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-28 14:18 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,96,ad,1f,b4,ce,7c,42,ab,ea,25,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,96,ad,1f,b4,ce,7c,42,ab,ea,25,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(240) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Zeit der Fertigstellung: 2012-06-28 14:20:06 ComboFix-quarantined-files.txt 2012-06-28 12:20 . Vor Suchlauf: 10 Verzeichnis(se), 966.987.059.200 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 967.256.748.032 Bytes frei . - - End Of File - - C3780768BB895C807EC4E41476937C67 Sascha |
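Added example (editor's note, not code from this thread or from the Malwarebytes, OTL or ComboFix authors): all four hits in the MBAM log above sit under `C:\_OTL\MovedFiles` (where the OTL fix reported the `@` files "moved successfully") and `C:\Qoobox\Quarantine` (ComboFix's quarantine, where the `n` file ComboFix deleted shows up as `n.vir`). A scanner that walks those folders will keep flagging the same copies, so when reading such a log the first triage question is whether each path is inside a quarantine folder or still live on the system. The script below parses MBAM-style detection lines and splits them that way. The four log lines are the ones from this thread; the fifth line is a constructed contrast case with a hypothetical file name and detection name, and the two quarantine roots are the only ones assumed.

```python
"""
Triage MBAM "Files detected" lines: is the path a live file, or a copy that
OTL/ComboFix already moved into a quarantine folder?
"""
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Quarantine roots of the two tools used in this thread (assumed fixed here)
QUARANTINE_ROOTS = (
    PureWindowsPath(r"C:\Qoobox\Quarantine"),   # ComboFix
    PureWindowsPath(r"C:\_OTL\MovedFiles"),     # OTL fix ("moved successfully")
)

# <drive path> (<detection name>) -> <action>.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# First four lines: the hits from the MBAM log in this thread.
# Fifth line: constructed, hypothetical live hit for contrast.
SAMPLE_LOG = r"""
Files detected: 4
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n.vir (Trojan.Dropper.PE4) -> No action taken.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Dokumente und Einstellungen\admin\Desktop\example_live.exe (Example.Constructed) -> No action taken.
(end)
"""


def is_quarantined(path: str) -> bool:
    """True if path lies under a known quarantine root (case-insensitive prefix match)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    for root in QUARANTINE_ROOTS:
        root_parts = [p.lower() for p in root.parts]
        if parts[:len(root_parts)] == root_parts:
            return True
    return False


def parse_detections(log_text: str) -> List[Dict[str, object]]:
    """Extract every 'path (family) -> action.' line, tagging it live or quarantined."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue                     # headers, counts, "(end)" etc.
        hits.append({
            "path": m["path"],
            "family": m["family"],
            "action": m["action"],
            "quarantined": is_quarantined(m["path"]),
        })
    return hits


def summarize(hits: List[Dict[str, object]]) -> Dict[str, int]:
    live = sum(1 for h in hits if not h["quarantined"])
    return {"total": len(hits), "quarantined": len(hits) - live, "live": live}


def live_paths(hits: List[Dict[str, object]]) -> List[str]:
    """The paths that still need attention: detections outside any quarantine folder."""
    return [str(h["path"]) for h in hits if not h["quarantined"]]


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    print(summarize(found))
    for p in live_paths(found):
        print("LIVE:", p)
```

Run against the real log, an empty `live` list is what you want to see before declaring the box clean; the quarantined copies are then dealt with by deleting the quarantine folders with the tools themselves, not by letting another scanner act on them.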