Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
AdAware "Trojan.Win32.FakeVimes.ge"

AdAware "Trojan.Win32.FakeVimes.ge"


Log-Analyse und Auswertung: AdAware "Trojan.Win32.FakeVimes.ge"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 21.10.2012, 12:39   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 18:07   #17
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.10.2012 18:45:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\user\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 87,02% Memory free
11,07 Gb Paging File | 10,83 Gb Available in Paging File | 97,80% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 40,30 Gb Free Space | 41,27% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 322,11 Gb Free Space | 87,51% Space Free | Partition Type: NTFS
 
Computer Name: USERPC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.21 18:36:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.08.08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012.07.27 03:05:28 | 000,130,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\redirector.exe
PRC - [2008.11.27 18:43:40 | 000,962,584 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.11.27 18:37:30 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2008.11.27 18:37:24 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2008.11.27 18:18:00 | 004,386,336 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.06.27 17:50:38 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.12.03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2003.03.09 22:31:04 | 000,561,152 | R--- | M] () -- C:\WINDOWS\system32\hpotscl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.10.12 18:02:45 | 000,059,776 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys -- (78edf8e8d34ecce2)
SRV - [2012.10.09 00:28:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2008.11.27 18:37:24 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.02.28 18:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca1528av.sys -- (Ca1528av)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk1528.sys -- (Bulk1528)
DRV - [2012.10.12 18:02:45 | 000,059,776 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys -- (78edf8e8d34ecce2)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.25 08:03:28 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011.12.11 21:16:56 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2011.12.11 21:16:54 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011.12.11 21:16:54 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011.12.11 21:16:50 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.09.21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.02.05 06:21:49 | 000,108,032 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwser.sys -- (smhwser)
DRV - [2010.01.15 01:02:28 | 000,100,864 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwdev.sys -- (smhwdev)
DRV - [2009.12.25 10:00:40 | 000,025,728 | R--- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwadb.sys -- (androidusb)
DRV - [2009.01.14 09:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.02 20:01:00 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.07.03 04:38:00 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.07.01 12:27:00 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.27 17:50:32 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2007.10.12 10:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.04.12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005.04.12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005.04.12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005.04.12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003.07.16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00  [binary data]
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://suche.aon.at
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\..\SearchScopes\{C5CF2981-4EEC-473D-9E6D-CB6E8C489AA1}: "URL" = hxxp://www.google.at/search?hl=de&q={searchTerms}&meta=&rlz=1I7ADSA_de
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Programme\Philips\Internet Video Downloader\Plugin_FireFox [2010.03.21 19:56:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CitrixReceiver] "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\hpothb07.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\hpothb07.tif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA10E3B-8384-44E9-AF09-68293070DE3A}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.14 16:59:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a1f32b2-d86a-11df-abcd-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{5a1f32b2-d86a-11df-abcd-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a1f32b2-d86a-11df-abcd-0021853f154a}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{ae5e6fc8-1253-11e0-a2c1-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{ae5e6fc8-1253-11e0-a2c1-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae5e6fc8-1253-11e0-a2c1-0021853f154a}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{b748d118-d799-11df-abca-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{b748d118-d799-11df-abca-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b748d118-d799-11df-abca-0021853f154a}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{faf10c81-9e80-11e0-a560-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{faf10c81-9e80-11e0-a560-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{faf10c81-9e80-11e0-a560-0021853f154a}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.21 18:35:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\OTL
[2012.10.21 18:26:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\CyberLink PowerDVD 8
[2012.10.20 20:19:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Eset Onl Scanner
[2012.10.20 10:48:38 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2012.10.20 10:47:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\A²
[2012.10.17 21:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\ADWcleaner
[2012.10.14 15:15:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2012.10.14 15:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.14 15:15:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.14 15:15:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.14 15:14:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Malwarebytes
[2012.10.14 13:04:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Gmer
[2012.10.14 11:49:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.14 11:37:07 | 000,000,000 | ---D | C] -- C:\Programme\PC Antivirus
[2012.10.14 11:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVC1Data
[2012.10.14 10:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Emails_19_10_1030
[2012.10.14 02:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Antivirus
[2012.10.14 02:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AVPro
[2012.10.14 02:24:05 | 006,393,144 | ---- | C] (PC Antivirus Pro) -- C:\WINDOWS\uninstac.exe
[2012.10.14 02:24:03 | 000,582,992 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbap.dll
[2012.10.14 02:24:02 | 000,415,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\SpursDownload.dll
[2012.10.14 02:23:59 | 001,332,560 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbte.dll
[2012.10.12 17:49:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\LavasoftStatistics
[2012.10.12 17:42:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 17:35:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus
[2012.10.12 17:35:29 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2012.10.12 17:35:28 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2012.10.12 17:35:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2012.10.12 17:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
[2012.10.12 17:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus
[2012.10.12 17:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2012.10.12 17:33:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\adawarebp
[2012.10.12 17:33:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2012.10.12 17:33:10 | 000,000,000 | ---D | C] -- C:\Programme\adawaretb
[2012.10.12 17:33:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\adawaretb
[2012.10.12 17:33:08 | 000,000,000 | ---D | C] -- C:\Programme\Toolbar Cleaner
[2012.10.12 17:31:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 17:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\AA
[2012.10.12 16:47:09 | 000,000,000 | ---D | C] -- C:\Lop SD
[2012.10.12 16:20:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\HJt
[2012.10.05 16:52:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Leonie Buchvorstellung
[2012.10.03 22:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.30 10:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Winterreifen_2012
[2012.09.26 16:12:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Nationalparktage
[2010.01.20 13:08:44 | 000,192,512 | ---- | C] (GPP Software) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\LLIB32D.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 18:39:37 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2012.10.21 18:28:22 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.21 18:26:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 18:25:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.21 13:18:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 12:00:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.10.19 19:01:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.14 20:17:06 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.10.14 02:24:04 | 000,582,992 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbap.dll
[2012.10.14 02:24:03 | 000,415,056 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\SpursDownload.dll
[2012.10.14 02:24:02 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbte.dll
[2012.10.14 02:23:59 | 000,308,560 | ---- | M] () -- C:\WINDOWS\System32\vipre.dll
[2012.10.14 02:23:58 | 000,160,768 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
[2012.10.14 02:21:34 | 006,393,144 | ---- | M] (PC Antivirus Pro) -- C:\WINDOWS\uninstac.exe
[2012.10.12 18:02:45 | 000,059,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys
[2012.10.11 16:33:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.11 05:57:40 | 000,452,756 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.11 05:57:40 | 000,435,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.11 05:57:40 | 000,081,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.11 05:57:40 | 000,068,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.08 20:52:41 | 000,000,191 | ---- | M] () -- D:\Eigene Dateien\DPE.DUS
[2012.10.03 21:29:49 | 000,004,298 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DriveCalculator Preferences
[2012.10.02 16:35:56 | 000,300,001 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Transaktionsdetails.pdf
[2012.10.02 16:24:42 | 000,488,881 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Formular Zollbenachrichtigung.pdf
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.24 23:13:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.09.24 22:18:50 | 000,000,080 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 20:17:06 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.10.14 12:05:15 | 000,000,960 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.10.14 02:23:59 | 000,308,560 | ---- | C] () -- C:\WINDOWS\System32\vipre.dll
[2012.10.14 02:23:58 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.10.12 18:02:45 | 000,059,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys
[2012.10.02 16:35:53 | 000,300,001 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Transaktionsdetails.pdf
[2012.10.02 16:25:42 | 000,048,022 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Rechnung.pdf
[2012.10.02 16:24:37 | 000,488,881 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Formular Zollbenachrichtigung.pdf
[2012.08.31 10:37:41 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.13 21:31:43 | 000,043,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2011.12.11 21:16:56 | 000,971,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdrpm174.sys
[2011.12.11 21:16:54 | 000,540,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\timntr.sys
[2011.12.11 21:16:54 | 000,044,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2011.12.11 21:16:50 | 000,134,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\snman380.sys
[2011.06.24 18:42:54 | 000,108,032 | R--- | C] () -- C:\WINDOWS\System32\drivers\smhwser.sys
[2011.06.24 18:42:54 | 000,100,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\smhwdev.sys
[2011.06.24 18:42:54 | 000,025,728 | R--- | C] () -- C:\WINDOWS\System32\drivers\smhwadb.sys
[2010.09.10 16:58:22 | 000,004,298 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DriveCalculator Preferences
[2010.09.10 16:52:31 | 000,000,258 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PropCalc Preferences
[2010.01.20 13:08:50 | 000,003,346 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MNO.DAT
[2009.11.22 13:11:56 | 000,429,549 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mdbu.bin
[2009.05.15 16:27:03 | 000,000,080 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.03.28 16:20:08 | 000,004,395 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\hpothb07.tif
[2009.03.28 16:20:08 | 000,000,488 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\hpothb07.dat
[2009.02.18 16:49:24 | 000,000,257 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.tif
[2009.02.18 16:49:24 | 000,000,189 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.dat
[2009.02.14 17:44:57 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.rnd
 
========== ZeroAccess Check ==========
 
[2009.02.14 17:10:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 03:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.14 12:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ad-Aware Antivirus
[2011.12.11 21:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.10.12 17:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2012.10.14 11:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVC1Data
[2010.01.09 11:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIFAB
[2012.08.03 21:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2010.12.06 17:16:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fotobestellung
[2009.11.22 13:11:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto
[2009.02.18 16:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2009.02.18 16:19:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2009.05.15 16:27:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.08.07 11:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2009.02.18 16:49:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{783529ED-FB56-4E47-9A20-F9C23D22C2D0}
[2009.02.18 16:17:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8AF9D3CF-B9B5-4F8E-B47F-D26DF984D190}
[2009.02.18 16:17:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
[2012.10.12 17:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2011.04.11 19:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software
[2012.10.14 11:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2011.12.11 21:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Acronis
[2012.10.13 09:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 17:33:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\adawaretb
[2012.10.14 02:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AVPro
[2012.08.02 19:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Citrix
[2010.01.09 11:52:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Duden
[2012.02.26 21:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoft
[2009.02.14 19:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Foxit
[2011.04.11 19:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Foxit Software
[2011.06.10 15:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\HappyFoto
[2012.08.03 21:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICAClient
[2009.02.18 16:19:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mquadr.at
[2012.08.02 19:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Netscape
[2012.10.14 02:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Antivirus
[2012.04.11 08:31:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PTGui
[2012.07.05 22:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Softplicity
[2010.03.21 17:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.11 21:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Acronis
[2012.10.13 09:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 17:33:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\adawaretb
[2009.02.18 19:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Adobe
[2010.03.20 21:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ArcSoft
[2009.02.14 17:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ATI
[2012.10.14 02:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AVPro
[2012.08.02 19:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Citrix
[2009.02.14 17:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\CyberLink
[2010.01.09 11:52:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Duden
[2012.02.26 21:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoft
[2009.02.14 19:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Foxit
[2011.04.11 19:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Foxit Software
[2010.05.05 19:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Google
[2011.06.10 15:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\HappyFoto
[2009.02.20 12:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Help
[2009.02.18 15:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Hewlett-Packard
[2012.08.03 21:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICAClient
[2009.02.14 17:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Identities
[2009.02.14 17:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\InstallShield
[2012.08.31 20:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Intelli-studio
[2012.10.12 17:49:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\LavasoftStatistics
[2009.02.14 19:00:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Macromedia
[2012.10.14 15:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2009.02.14 17:30:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Media Player Classic
[2012.08.28 16:09:55 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft
[2012.08.02 19:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla
[2009.02.18 16:19:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mquadr.at
[2009.02.14 17:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Nero
[2012.08.02 19:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Netscape
[2012.10.14 02:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Antivirus
[2012.04.11 08:31:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PTGui
[2010.09.26 20:46:07 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\SecuROM
[2012.07.05 22:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Softplicity
[2009.02.14 19:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun
[2010.03.21 17:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Uniblue
[2011.09.15 09:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Winamp
 
< %APPDATA%\*.exe /s >
[2011.06.03 09:59:43 | 017,983,128 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Intelli-studio\iUpdate.exe
[2012.08.02 19:11:01 | 000,014,846 | R--- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{1FFB4E2F-60A9-4BC9-B04B-0CEB8E108232}\EPA_Icon.914326BE_BDF9_4068_A4AF_AF1B75093799.exe
[2010.01.24 13:40:06 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{8AEBFD30-B94F-4A49-8106-03039708BDD4}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.10.12 18:02:45 | 000,059,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\78edf8e8d34ecce2.sys
[2008.04.14 14:00:00 | 000,188,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\acpi.sys
[2008.04.14 14:00:00 | 000,012,160 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008.04.13 23:09:24 | 000,142,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\aec.sys
[2011.08.17 15:49:54 | 000,138,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.08.05 21:10:00 | 001,684,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Ambfilt.sys
[2007.10.12 10:40:00 | 000,009,096 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\amdide.sys
[2008.04.14 14:00:00 | 000,041,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008.04.14 14:00:00 | 000,041,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\amdk7.sys
[2008.04.14 14:00:00 | 000,060,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\arp1394.sys
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2009.01.14 09:14:01 | 003,455,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2008.07.03 04:38:00 | 000,089,600 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\AtiHdmi.sys
[2008.04.14 14:00:00 | 000,059,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2008.04.14 14:00:00 | 000,031,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008.04.14 14:00:00 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmlane.sys
[2008.04.14 14:00:00 | 000,352,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001.08.17 14:59:44 | 000,003,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\audstub.sys
[2008.04.14 14:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\beep.sys
[2008.04.14 14:00:00 | 000,071,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bridge.sys
[2008.06.14 19:32:01 | 000,273,024 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthport.sys
[2008.04.14 14:00:00 | 000,013,952 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008.04.14 14:00:00 | 000,018,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008.04.14 14:00:00 | 000,063,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdrom.sys
[2008.04.14 14:00:00 | 000,262,528 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008.04.14 14:00:00 | 000,049,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008.04.14 14:00:00 | 000,011,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2011.09.21 10:25:34 | 000,021,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys
[2008.04.14 14:00:00 | 000,040,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\crusoe.sys
[2012.04.25 08:03:28 | 000,067,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ctxusbm.sys
[2008.04.14 14:00:00 | 000,036,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\disk.sys
[2008.04.14 14:00:00 | 000,014,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008.04.14 14:00:00 | 000,800,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008.04.14 14:00:00 | 000,154,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmio.sys
[2008.04.14 14:00:00 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmload.sys
[2008.04.14 01:15:02 | 000,052,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\DMusic.sys
[2008.04.14 01:15:16 | 000,060,160 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\drmk.sys
[2008.04.14 01:15:14 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2008.04.14 14:00:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008.04.14 14:00:00 | 000,071,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dxg.sys
[2008.04.14 14:00:00 | 000,003,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2007.08.20 11:05:02 | 000,027,672 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Entech.sys
[2008.04.14 14:00:00 | 000,143,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008.04.14 14:00:00 | 000,027,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fdc.sys
[2008.04.14 14:00:00 | 000,044,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fips.sys
[2008.04.14 14:00:00 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008.04.14 14:00:00 | 000,129,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fltMgr.sys
[2008.04.14 14:00:00 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fsvga.sys
[2008.04.14 14:00:00 | 000,007,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2008.04.14 14:00:00 | 000,126,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008.04.14 14:00:00 | 000,144,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008.04.14 01:15:28 | 000,036,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008.04.14 01:15:24 | 000,024,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008.04.14 01:15:28 | 000,010,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidusb.sys
[2003.03.09 22:31:00 | 000,051,024 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hpzid412.sys
[2003.03.09 22:31:02 | 000,016,080 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HPZipr12.sys
[2003.03.09 22:31:02 | 000,021,456 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2009.10.20 18:20:16 | 000,265,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\http.sys
[2008.04.14 14:00:00 | 000,052,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008.04.14 14:00:00 | 000,042,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\imapi.sys
[2008.04.14 14:00:00 | 000,040,448 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008.04.14 14:00:00 | 000,036,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2008.04.14 14:00:00 | 000,032,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008.04.14 14:00:00 | 000,020,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008.04.14 14:00:00 | 000,152,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008.04.14 14:00:00 | 000,075,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008.04.14 14:00:00 | 000,011,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\irenum.sys
[2008.04.14 14:00:00 | 000,037,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,025,216 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008.04.14 08:28:38 | 000,014,720 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008.04.14 01:15:10 | 000,172,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008.04.14 01:46:38 | 000,141,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ks.sys
[2009.06.24 13:18:41 | 000,092,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2008.04.14 14:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mcd.sys
[2008.04.14 14:00:00 | 000,063,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mf.sys
[2008.04.14 14:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008.04.14 14:00:00 | 000,030,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\modem.sys
[2006.01.04 16:41:00 | 001,389,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Monfilt.sys
[2008.04.14 14:00:00 | 000,023,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouclass.sys
[2008.04.14 14:00:00 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008.04.14 14:00:00 | 000,042,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008.04.14 14:00:00 | 000,092,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mqac.sys
[2008.04.14 14:00:00 | 000,180,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2011.07.15 15:29:31 | 000,456,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008.04.14 14:00:00 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msfs.sys
[2008.04.14 14:00:00 | 000,035,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008.04.14 01:09:54 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\MSKSSRV.sys
[2008.04.14 01:09:52 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[2008.04.14 01:09:52 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\MSPQM.sys
[2008.04.14 14:00:00 | 000,015,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2011.04.21 15:37:43 | 000,105,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mup.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndis.sys
[2011.07.08 16:02:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008.04.14 14:00:00 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008.04.14 14:00:00 | 000,091,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010.11.02 17:17:02 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008.04.14 14:00:00 | 000,034,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbios.sys
[2008.04.14 14:00:00 | 000,162,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbt.sys
[2008.04.14 14:00:00 | 000,061,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nic1394.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008.04.14 14:00:00 | 000,040,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008.04.14 14:00:00 | 000,030,848 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\npfs.sys
[2008.04.14 14:00:00 | 000,574,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntfs.sys
[2008.04.14 14:00:00 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\null.sys
[2008.04.14 14:00:00 | 000,012,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2008.04.14 14:00:00 | 000,032,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008.04.14 14:00:00 | 000,088,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2008.04.14 14:00:00 | 000,063,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2008.04.14 14:00:00 | 000,055,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008.04.14 14:00:00 | 000,163,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2008.04.14 14:00:00 | 000,003,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008.04.14 14:00:00 | 000,046,848 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\p3.sys
[2008.04.14 14:00:00 | 000,080,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parport.sys
[2008.04.14 14:00:00 | 000,019,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\partmgr.sys
[2008.04.14 14:00:00 | 000,007,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008.04.14 14:00:00 | 000,068,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pci.sys
[2001.11.19 20:05:18 | 000,003,972 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\PciBus.sys
[2008.04.14 14:00:00 | 000,003,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciide.sys
[2008.04.14 14:00:00 | 000,024,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008.04.14 14:00:00 | 000,120,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008.04.14 01:49:42 | 000,146,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\portcls.sys
[2008.04.14 14:00:00 | 000,039,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\processr.sys
[2008.04.14 14:00:00 | 000,069,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\psched.sys
[2008.04.14 14:00:00 | 000,017,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ptilink.sys
[2008.04.14 14:00:00 | 000,008,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008.04.14 14:00:00 | 000,051,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008.04.14 14:00:00 | 000,041,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008.04.14 14:00:00 | 000,048,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspptp.sys
[2008.04.14 14:00:00 | 000,016,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspti.sys
[2008.04.14 14:00:00 | 000,034,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008.04.14 14:00:00 | 000,175,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdbss.sys
[2008.04.14 14:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008.04.14 01:02:52 | 000,196,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2012.07.04 16:05:05 | 000,139,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2008.04.14 08:22:52 | 000,057,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\redbook.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008.05.08 16:02:52 | 000,203,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008.04.14 14:00:00 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008.04.14 14:00:00 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2008.07.01 12:27:00 | 000,108,800 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Rtenicxp.sys
[2008.10.02 20:01:00 | 004,878,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\RtkHDAud.sys
[2011.11.29 06:59:48 | 000,021,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sbaphd.sys
[2011.11.29 06:59:52 | 000,077,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sbapifs.sys
[2011.10.26 14:23:40 | 000,101,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2008.04.14 14:00:00 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008.04.14 14:00:00 | 000,079,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sdbus.sys
[2008.04.14 14:00:00 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2003.07.16 14:27:40 | 000,043,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ser2pl.sys
[2008.04.14 14:00:00 | 000,015,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serenum.sys
[2008.04.14 14:00:00 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serial.sys
[2008.04.14 14:00:00 | 000,011,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008.04.14 14:00:00 | 000,010,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008.04.14 14:00:00 | 000,011,008 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008.04.14 14:00:00 | 000,011,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008.04.14 14:00:00 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smclib.sys
[2009.12.25 10:00:40 | 000,025,728 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smhwadb.sys
[2010.01.15 01:02:28 | 000,100,864 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smhwdev.sys
[2010.02.05 06:21:49 | 000,108,032 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smhwser.sys
[2011.12.11 21:16:50 | 000,134,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\snman380.sys
[2008.04.14 14:00:00 | 000,025,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001.08.17 13:56:16 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS
[2008.04.14 01:15:08 | 000,006,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\splitter.sys
[2008.04.14 14:00:00 | 000,073,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sr.sys
[2011.02.17 15:18:03 | 000,357,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\srv.sys
[2008.04.14 01:15:16 | 000,049,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\stream.sys
[2008.04.14 14:00:00 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swenum.sys
[2008.04.14 01:15:10 | 000,056,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008.04.14 01:45:56 | 000,060,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008.04.14 14:00:00 | 000,014,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tape.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008.04.14 14:00:00 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdi.sys
[2008.04.14 14:00:00 | 000,012,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2011.12.11 21:16:56 | 000,971,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdrpm174.sys
[2008.04.14 14:00:00 | 000,021,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008.04.14 08:53:28 | 000,040,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\termdd.sys
[2011.12.11 21:16:54 | 000,044,704 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tifsfilt.sys
[2011.12.11 21:16:54 | 000,540,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\timntr.sys
[2008.04.14 14:00:00 | 000,051,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2006.10.10 20:33:00 | 000,041,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosporte.sys
[2007.04.24 14:20:06 | 000,113,920 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosrfbd.sys
[2006.11.20 18:55:16 | 000,036,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosrfbnp.sys
[2007.05.24 15:27:30 | 000,064,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosrfcom.sys
[2007.03.01 17:53:10 | 000,073,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Tosrfhid.sys
[2005.01.06 14:42:00 | 000,018,612 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosrfnds.sys
[2007.01.22 11:43:26 | 000,053,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\TosRfSnd.sys
[2007.06.11 15:25:28 | 000,041,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosrfusb.sys
[2008.04.14 14:00:00 | 000,021,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008.04.14 14:00:00 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008.04.14 14:00:00 | 000,066,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\udfs.sys
[2008.04.14 14:00:00 | 000,384,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\update.sys
[2008.04.14 14:00:00 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008.04.14 14:00:00 | 000,025,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008.04.14 14:00:00 | 000,025,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008.04.14 01:15:40 | 000,032,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2008.04.14 14:00:00 | 000,004,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbd.sys
[2008.04.14 14:00:00 | 000,030,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008.04.14 14:00:00 | 000,059,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008.04.14 14:00:00 | 000,015,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008.04.14 14:00:00 | 000,017,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008.04.14 14:00:00 | 000,143,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbport.sys
[2008.04.14 01:17:38 | 000,025,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008.04.14 01:15:36 | 000,015,104 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008.04.14 01:15:40 | 000,026,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008.04.14 14:00:00 | 000,058,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008.04.14 14:00:00 | 000,020,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vga.sys
[2008.04.14 14:00:00 | 000,081,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008.04.14 14:00:00 | 000,053,760 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008.04.14 14:00:00 | 000,034,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2006.11.02 07:22:54 | 000,492,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wdf01000.sys
[2006.11.02 07:22:52 | 000,032,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wdfldr.sys
[2008.04.14 01:47:20 | 000,083,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2005.04.12 20:21:28 | 000,010,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WmBEnum.sys
[2005.04.12 20:21:32 | 000,022,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WmFilter.sys
[2008.04.14 01:06:40 | 000,008,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wmiacpi.sys
[2008.04.14 14:00:00 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wmilib.sys
[2005.04.12 20:21:28 | 000,005,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WmVirHid.sys
[2005.04.12 20:21:26 | 000,045,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WmXlCore.sys
[2006.10.18 21:00:00 | 000,038,528 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2006.09.28 19:55:50 | 000,077,568 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006.09.28 20:00:34 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfRd.sys
 
< %systemroot%\System32\config\*.sav >
[2009.02.14 17:44:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.02.14 17:44:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.02.14 17:44:08 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.01.14 05:37:08 | 000,577,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati2cqag.dll
[2009.01.14 06:47:44 | 000,323,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati2dvag.dll
[2009.01.14 06:22:33 | 004,009,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati3duag.dll
[2009.01.14 05:45:52 | 000,401,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\atikvmag.dll
[2009.01.14 06:53:11 | 000,286,720 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\atiok3x2.dll
[2009.01.14 06:05:42 | 002,500,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ativvaxx.dll
[2011.02.15 14:56:39 | 000,290,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\atmfd.dll
[2008.04.14 14:00:00 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\bootvid.dll
[2011.10.28 07:31:46 | 000,033,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\csrsrv.dll
[2008.04.14 14:00:00 | 000,009,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\framebuf.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\hal.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\KBDAL.DLL
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdaze.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdazel.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbe.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbene.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbhc.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdblr.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbr.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbu.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdca.dll
[2008.04.14 14:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcan.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcr.dll
[2008.04.14 14:00:00 | 000,007,168 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcz.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcz1.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcz2.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdda.dll
[2008.04.14 14:00:00 | 000,005,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbddv.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdes.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdest.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfc.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfi.dll
[2008.04.14 14:00:00 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfi1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfo.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfr.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgae.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgkl.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgr.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgr1.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhe.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhe220.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhe319.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhela2.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhela3.dll
[2008.04.14 14:00:00 | 000,008,192 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhept.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhu.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhu1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdic.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdinbe1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdinben.dll
[2008.04.14 14:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdinmal.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdir.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdit.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdit142.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdiultn.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdkaz.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdkyr.dll
[2008.04.14 14:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdla.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlt.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlt1.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlv.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlv1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmac.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmaori.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmlt47.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmlt48.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmon.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdne.dll
[2008.04.14 14:00:00 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnec.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnepr.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdno.dll
[2008.04.14 14:00:00 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdno1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpash.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpl.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpl1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpo.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdro.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdru.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdru1.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsf.dll
[2008.04.14 14:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsg.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsl.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsl1.dll
[2008.04.14 14:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsmsfi.dll
[2008.04.14 14:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsmsno.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsp.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsw.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdtat.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdtuf.dll
[2008.04.14 14:00:00 | 000,006,144 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdtuq.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbduk.dll
[2008.04.14 14:00:00 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdukx.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdur.dll
[2008.04.14 14:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdus.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdusl.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdusr.dll
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdusx.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbduzb.dll
[2008.04.14 14:00:00 | 000,005,632 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdycc.dll
[2008.04.14 14:00:00 | 000,006,656 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdycl.dll
[2008.04.14 14:00:00 | 000,007,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kd1394.dll
[2008.04.14 14:00:00 | 000,007,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kdcom.dll
[2008.04.14 14:00:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mcdsrv32.dll
[2008.04.14 14:00:00 | 000,034,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mnmdd.dll
[2008.04.14 14:00:00 | 000,010,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\modex.dll
[2008.04.14 14:00:00 | 000,061,440 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008.04.14 14:00:00 | 000,092,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rdpdd.dll
[2009.08.26 10:00:21 | 000,247,326 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\strmdll.dll
[2008.04.14 14:00:00 | 000,012,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsddd.dll
[2008.04.14 14:00:00 | 000,009,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vga.dll
[2008.04.14 14:00:00 | 000,051,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vga256.dll
[2008.04.14 14:00:00 | 000,018,176 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vga64k.dll
[2008.04.14 14:00:00 | 000,060,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmerrDEU.dll
[2008.04.14 14:00:00 | 000,303,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmstream.dll
[2008.04.14 14:00:00 | 000,003,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wowfax.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:317EBE71ED39BCCE

< End of report >
--- --- ---
[/code]
__________________
Alt 21.10.2012, 20:40   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Zitat:
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA10E3B-8384-44E9-AF09-68293070DE3A}: DhcpNameServer = 10.0.0.138 10.0.0.138
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________
__________________
Alt 21.10.2012, 21:00   #19
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Ich weiß zwar nicht wie du das aus den zwei oben genannten Zeilen erkennst, aber ich kann die Frage mit "nein" beantworten. Sitze hier zu Hause in meiner Verzweiflung und warte auf jede Anweisung von dir,wie auf einen Bissen Brot. Also ich kann dir versichern, dass es sich um einen privaten PC handelt, den mir ein Ex-Arbeitskollege vor ca. 3 1/2 Jahren zusammengestellt hat.

Alt 22.10.2012, 11:06   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Zitat:
Ich weiß zwar nicht wie du das aus den zwei oben genannten Zeilen erkennst,
1. Eine Professional Edition für zu Hause haben die wenigsten und wenn sie es haben brauchen die allerwenigsten wirklich diese Edition - sie ist für ein Firmennetzwerk mit Windows-Domäne gedacht!

2. DhcpNameServer = 10.0.0.138 10.0.0.138 - DHCP-Server steht in einem 10er-Subnet? Private 10er Segmente sieht man privat auch eher selten bis garnicht.

Zitat:
den mir ein Ex-Arbeitskollege vor ca. 3 1/2 Jahren zusammengestellt hat.
Und Windows hat er dir gleich mit installiert?

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.10.2012, 17:51   #21
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Korrekt.
PC wurde aus Einzelkomponenten zusammengestellt. Wdws war schon vorinstalliert. Woher das mit dem DhcpNameServer = 10.0.0.138 kommt, kann ich dir leider nicht sagen.
Möglicherweise ist es vom Provider (A1 Telekom Austria)abhängig, der mir übrigens auch schon eine Email geschickt hat, dass von meinem Computer unerwünschte SPAM-Mails ausgesendet wurden.
Möchte mich auf jeden Fall an dieser Stelle sehr herzlich bei dir bedanken für die spitzen Betreuung.

Alt 23.10.2012, 09:05   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Was für eine Windows-Version hat er dir denn installiert?
Ich will dir jetzt keinen Raubkopierei unterstellen, du hast ja Windows nicht selbst installiert, nur ist die Gefahr bei Versionen aus dem Untergrund hoch, dass da irgendeine Malware schon in die Installationsdateien reingepfriemelt wurde....
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.10.2012, 21:14   #23
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Wdws XP Professional Version 2002 damals glaube ich SP 2.
Nachdem das Programm jetzt knapp 3 1/2 Jahre ohne gröbere Probleme seinen Dienst getan hat, gehe ich nicht davon aus, dass Malware schon drauf war.
Sowie die Dinge nun stehen, schaut's offensichtlich so aus, als komme ich um eine Neuinstallation nicht herum. Hatte gehofft dem könnte ich Dank eurer Hilfe entgehen.

Trotzdem nochmals Danke für die Unterstützung.

Alt 24.10.2012, 10:30   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Nein wir machen weiter

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
SRV - [2012.10.12 18:02:45 | 000,059,776 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys -- (78edf8e8d34ecce2)
DRV - [2012.10.12 18:02:45 | 000,059,776 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys -- (78edf8e8d34ecce2)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\hpothb07.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\hpothb07.tif ()
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:317EBE71ED39BCCE
:Files
C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten
Geändert von cosinus (24.10.2012 um 10:44 Uhr)

Alt 24.10.2012, 19:28   #25
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Hallo cosinus!
Bin begeistert, dass ich weiterhin deine Unterstützung habe.
Finde ich echt toll.
Habe OTL-Runfix im normalen Modus ausgeführt (nicht im abgesicherten). Rechner wurde neu gestartet.
Schöne Grüße
Christian

Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named 78edf8e8d34ecce2 was found to stop!
Service\Driver key 78edf8e8d34ecce2 not found.
File move failed. C:\WINDOWS\system32\drivers\78edf8e8d34ecce2.sys scheduled to be moved on reboot.
Error: No service named 78edf8e8d34ecce2 was found to stop!
Service\Driver key 78edf8e8d34ecce2 not found.
File move failed. C:\WINDOWS\system32\drivers\78edf8e8d34ecce2.sys scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\hpothb07.dat moved successfully.
C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\hpothb07.tif moved successfully.
ADS C:\WINDOWS:317EBE71ED39BCCE deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\user\Desktop\OTL\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\user\Desktop\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 130710 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: user
->Temp folder emptied: 24238182 bytes
->Temporary Internet Files folder emptied: 252786945 bytes
->Java cache emptied: 15248477 bytes
->Flash cache emptied: 1883 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11193140 bytes
RecycleBin emptied: 911029 bytes
 
Total Files Cleaned = 293,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10242012_195529

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\78edf8e8d34ecce2.sys scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 24.10.2012, 20:41   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Ok, eine Kontrolle bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.10.2012, 21:21   #27
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Habe mir die Logs kurz durchgeschaut, wobei mir aufgefallen ist, dass im zweiten Log unter "System Events" Fehler angezeigt sind zu einem Zeitpunkt an dem der PC gar nicht aufgedreht war. Hat das irgend eine Bedeutung - kannst du was damit anfangen?

Log 1
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.10.2012 21:53:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\user\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 81,25% Memory free
11,07 Gb Paging File | 10,54 Gb Available in Paging File | 95,19% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 40,44 Gb Free Space | 41,41% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 322,11 Gb Free Space | 87,51% Space Free | Partition Type: NTFS
 
Computer Name: USERPC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\user\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3175.36946__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3175.37043__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3175.37089__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3175.37064__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3175.36923__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3175.36949__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3175.37057__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3175.37026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3175.36941__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3175.37000__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3175.36934__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3175.37090__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3175.36947__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3175.36933__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3175.36946__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3175.37004__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3175.37115__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3175.37048__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3175.37035__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3175.36950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3175.37036__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3175.37003__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3175.37114__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3175.37034__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3175.37059__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3175.37028__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3175.36951__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3175.36995__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3175.36936__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3175.37002__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3175.37020__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3175.37000__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3175.36955__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3175.37002__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3175.37019__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3175.37023__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3156.17694__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3156.17689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3156.17698__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3156.17722__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3156.17701__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3156.17721__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3156.17701__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3156.17702__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3156.17700__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3156.17695__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3175.36928_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3175.36928__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3175.37069__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3175.36940__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3175.37078__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3175.36920__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3175.37075__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3175.36922__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3175.37106__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3175.37120__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3175.36917__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3175.37069_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.VividDesktop.Dashboard\1.2.3188.18570__90ba9c70f846762e\CLI.AIB.VividDesktop.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialOverDrive3.Tutorial.Dashboard\1.2.3188.18578__90ba9c70f846762e\CLI.AIB.TutorialOverDrive3.Tutorial.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.VividVideoPlayback.Dashboard\1.2.3188.18567__90ba9c70f846762e\CLI.AIB.VividVideoPlayback.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.3188.18579__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3175.36921__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3175.36919__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3175.36917__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3175.37077__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (78edf8e8d34ecce2) -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (Ca1528av) -- System32\Drivers\Ca1528av.sys File not found
DRV - (Bulk1528) -- System32\Drivers\Bulk1528.sys File not found
DRV - (78edf8e8d34ecce2) -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RDPWD) -- C:\WINDOWS\System32\drivers\rdpwd.sys ()
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys ()
DRV - (tdrpman174) -- C:\WINDOWS\system32\drivers\tdrpm174.sys ()
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys ()
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys ()
DRV - (snapman380) -- C:\WINDOWS\system32\drivers\snman380.sys ()
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys ()
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys ()
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys ()
DRV - (AFD) -- C:\WINDOWS\system32\drivers\afd.sys ()
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys ()
DRV - (NdisTapi) -- C:\WINDOWS\system32\drivers\ndistapi.sys ()
DRV - (Mup) -- C:\WINDOWS\System32\drivers\mup.sys ()
DRV - (Srv) -- C:\WINDOWS\system32\drivers\srv.sys ()
DRV - (NDProxy) -- C:\WINDOWS\System32\drivers\ndproxy.sys ()
DRV - (smhwser) -- C:\WINDOWS\system32\drivers\smhwser.sys ()
DRV - (smhwdev) -- C:\WINDOWS\system32\drivers\smhwdev.sys ()
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\smhwadb.sys ()
DRV - (HTTP) -- C:\WINDOWS\system32\drivers\http.sys ()
DRV - (KSecDD) -- C:\WINDOWS\System32\drivers\ksecdd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys ()
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys ()
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\CyberLink\PowerDVD8\000.fcl ()
DRV - (Tcpip) -- C:\WINDOWS\system32\drivers\tcpip.sys ()
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys ()
DRV - (Ntfs) -- C:\WINDOWS\System32\drivers\ntfs.sys ()
DRV - (Update) -- C:\WINDOWS\system32\drivers\update.sys ()
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys ()
DRV - (NDIS) -- C:\WINDOWS\System32\drivers\ndis.sys ()
DRV - (MRxDAV) -- C:\WINDOWS\system32\drivers\mrxdav.sys ()
DRV - (Rdbss) -- C:\WINDOWS\system32\drivers\rdbss.sys ()
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys ()
DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys ()
DRV - (IpNat) -- C:\WINDOWS\system32\drivers\ipnat.sys ()
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys ()
DRV - (FltMgr) -- C:\WINDOWS\system32\drivers\fltMgr.sys ()
DRV - (Ftdisk) -- C:\WINDOWS\system32\drivers\ftdisk.sys ()
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys ()
DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi.sys ()
DRV - (NdisWan) -- C:\WINDOWS\system32\drivers\ndiswan.sys ()
DRV - (Parport) -- C:\WINDOWS\System32\drivers\parport.sys ()
DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys ()
DRV - (sr) -- C:\WINDOWS\system32\drivers\sr.sys ()
DRV - (PSched) -- C:\WINDOWS\system32\drivers\psched.sys ()
DRV - (PCI) -- C:\WINDOWS\system32\drivers\pci.sys ()
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys ()
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys ()
DRV - (Cdfs) -- C:\WINDOWS\System32\drivers\cdfs.sys ()
DRV - (Cdrom) -- C:\WINDOWS\system32\drivers\cdrom.sys ()
DRV - (Atmarpc) -- C:\WINDOWS\system32\drivers\atmarpc.sys ()
DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys ()
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys ()
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys ()
DRV - (Rasl2tp) -- C:\WINDOWS\system32\drivers\rasl2tp.sys ()
DRV - (PptpMiniport) -- C:\WINDOWS\system32\drivers\raspptp.sys ()
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys ()
DRV - (MountMgr) -- C:\WINDOWS\System32\drivers\mountmgr.sys ()
DRV - (Imapi) -- C:\WINDOWS\system32\drivers\imapi.sys ()
DRV - (RasPppoe) -- C:\WINDOWS\system32\drivers\raspppoe.sys ()
DRV - (Processor) -- C:\WINDOWS\system32\drivers\processr.sys ()
DRV - (isapnp) -- C:\WINDOWS\system32\drivers\isapnp.sys ()
DRV - (Ip6Fw) -- C:\WINDOWS\system32\drivers\ip6fw.sys ()
DRV - (Disk) -- C:\WINDOWS\system32\drivers\disk.sys ()
DRV - (Gpc) -- C:\WINDOWS\system32\drivers\msgpc.sys ()
DRV - (NetBIOS) -- C:\WINDOWS\system32\drivers\netbios.sys ()
DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys ()
DRV - (IpFilterDriver) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys ()
DRV - (NwlnkFwd) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys ()
DRV - (Npfs) -- C:\WINDOWS\System32\drivers\npfs.sys ()
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys ()
DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys ()
DRV - (Fdc) -- C:\WINDOWS\system32\drivers\fdc.sys ()
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys ()
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys ()
DRV - (TDTCP) -- C:\WINDOWS\System32\drivers\tdtcp.sys ()
DRV - (VgaSave) -- C:\WINDOWS\system32\drivers\vga.sys ()
DRV - (IpInIp) -- C:\WINDOWS\system32\drivers\ipinip.sys ()
DRV - (Flpydisk) -- C:\WINDOWS\system32\drivers\flpydisk.sys ()
DRV - (PartMgr) -- C:\WINDOWS\System32\drivers\partmgr.sys ()
DRV - (Msfs) -- C:\WINDOWS\System32\drivers\msfs.sys ()
DRV - (Cdaudio) -- C:\WINDOWS\System32\drivers\cdaudio.sys ()
DRV - (usbohci) -- C:\WINDOWS\system32\drivers\usbohci.sys ()
DRV - (Raspti) -- C:\WINDOWS\system32\drivers\raspti.sys ()
DRV - (serenum) -- C:\WINDOWS\system32\drivers\serenum.sys ()
DRV - (mssmbios) -- C:\WINDOWS\system32\drivers\mssmbios.sys ()
DRV - (Ndisuio) -- C:\WINDOWS\system32\drivers\ndisuio.sys ()
DRV - (AsyncMac) -- C:\WINDOWS\system32\drivers\asyncmac.sys ()
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys ()
DRV - (NwlnkFlt) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys ()
DRV - (mouhid) -- C:\WINDOWS\system32\drivers\mouhid.sys ()
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys ()
DRV - (TDPIPE) -- C:\WINDOWS\System32\drivers\tdpipe.sys ()
DRV - (Sfloppy) -- C:\WINDOWS\System32\drivers\sfloppy.sys ()
DRV - (IRENUM) -- C:\WINDOWS\system32\drivers\irenum.sys ()
DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys ()
DRV - (Fs_Rec) -- C:\WINDOWS\System32\drivers\fs_rec.sys ()
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys ()
DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys ()
DRV - (swenum) -- C:\WINDOWS\system32\drivers\swenum.sys ()
DRV - (RDPCDD) -- C:\WINDOWS\system32\drivers\rdpcdd.sys ()
DRV - (mnmdd) -- C:\WINDOWS\System32\drivers\mnmdd.sys ()
DRV - (Beep) -- C:\WINDOWS\System32\drivers\beep.sys ()
DRV - (PCIIde) -- C:\WINDOWS\system32\drivers\pciide.sys ()
DRV - (Null) -- C:\WINDOWS\System32\drivers\null.sys ()
DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys ()
DRV - (kbdhid) -- C:\WINDOWS\system32\drivers\kbdhid.sys ()
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()
DRV - (wdmaud) -- C:\WINDOWS\system32\drivers\wdmaud.sys ()
DRV - (sysaudio) -- C:\WINDOWS\system32\drivers\sysaudio.sys ()
DRV - (usbprint) -- C:\WINDOWS\system32\drivers\usbprint.sys ()
DRV - (usbccgp) -- C:\WINDOWS\system32\drivers\usbccgp.sys ()
DRV - (USBSTOR) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS ()
DRV - (usbscan) -- C:\WINDOWS\system32\drivers\usbscan.sys ()
DRV - (hidusb) -- C:\WINDOWS\system32\drivers\hidusb.sys ()
DRV - (drmkaud) -- C:\WINDOWS\system32\drivers\drmkaud.sys ()
DRV - (kmixer) -- C:\WINDOWS\system32\drivers\kmixer.sys ()
DRV - (swmidi) -- C:\WINDOWS\system32\drivers\swmidi.sys ()
DRV - (splitter) -- C:\WINDOWS\system32\drivers\splitter.sys ()
DRV - (DMusic) -- C:\WINDOWS\system32\drivers\DMusic.sys ()
DRV - (MSKSSRV) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys ()
DRV - (MSPCLOCK) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys ()
DRV - (MSPQM) -- C:\WINDOWS\system32\drivers\MSPQM.sys ()
DRV - (WmiAcpi) -- C:\WINDOWS\system32\drivers\wmiacpi.sys ()
DRV - (rdpdr) -- C:\WINDOWS\system32\drivers\rdpdr.sys ()
DRV - (aec) -- C:\WINDOWS\system32\drivers\aec.sys ()
DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys ()
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys ()
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys ()
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys ()
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys ()
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys ()
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys ()
DRV - (Wdf01000) -- C:\WINDOWS\system32\drivers\wdf01000.sys ()
DRV - (WpdUsb) -- C:\WINDOWS\system32\drivers\wpdusb.sys ()
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys ()
DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\WudfRd.sys ()
DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\WudfPf.sys ()
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys ()
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys ()
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys ()
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys ()
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys ()
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys ()
DRV - (audstub) -- C:\WINDOWS\system32\drivers\audstub.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00  [binary data]
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://suche.aon.at
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\..\SearchScopes\{C5CF2981-4EEC-473D-9E6D-CB6E8C489AA1}: "URL" = hxxp://www.google.at/search?hl=de&q={searchTerms}&meta=&rlz=1I7ADSA_de
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Programme\Philips\Internet Video Downloader\Plugin_FireFox [2010.03.21 19:56:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.10.24 19:57:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CitrixReceiver] "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA10E3B-8384-44E9-AF09-68293070DE3A}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.14 16:59:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a1f32b2-d86a-11df-abcd-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{5a1f32b2-d86a-11df-abcd-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a1f32b2-d86a-11df-abcd-0021853f154a}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{ae5e6fc8-1253-11e0-a2c1-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{ae5e6fc8-1253-11e0-a2c1-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae5e6fc8-1253-11e0-a2c1-0021853f154a}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{b748d118-d799-11df-abca-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{b748d118-d799-11df-abca-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b748d118-d799-11df-abca-0021853f154a}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{faf10c81-9e80-11e0-a560-0021853f154a}\Shell - "" = AutoRun
O33 - MountPoints2\{faf10c81-9e80-11e0-a560-0021853f154a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{faf10c81-9e80-11e0-a560-0021853f154a}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.24 20:01:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\CyberLink PowerDVD 8
[2012.10.24 19:55:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.21 18:35:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\OTL
[2012.10.20 20:19:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Eset Onl Scanner
[2012.10.20 10:48:38 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2012.10.20 10:47:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\A²
[2012.10.17 21:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\ADWcleaner
[2012.10.14 15:15:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2012.10.14 15:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.14 15:15:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.14 15:15:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.14 15:14:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Malwarebytes
[2012.10.14 13:04:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Gmer
[2012.10.14 11:49:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.14 11:37:07 | 000,000,000 | ---D | C] -- C:\Programme\PC Antivirus
[2012.10.14 11:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVC1Data
[2012.10.14 10:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Emails_24_10_1030
[2012.10.14 02:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Antivirus
[2012.10.14 02:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AVPro
[2012.10.14 02:24:05 | 006,393,144 | ---- | C] (PC Antivirus Pro) -- C:\WINDOWS\uninstac.exe
[2012.10.14 02:24:03 | 000,582,992 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbap.dll
[2012.10.14 02:24:02 | 000,415,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\SpursDownload.dll
[2012.10.14 02:23:59 | 001,332,560 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbte.dll
[2012.10.12 17:49:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\LavasoftStatistics
[2012.10.12 17:42:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 17:35:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus
[2012.10.12 17:35:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2012.10.12 17:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
[2012.10.12 17:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus
[2012.10.12 17:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2012.10.12 17:33:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\adawarebp
[2012.10.12 17:33:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2012.10.12 17:33:10 | 000,000,000 | ---D | C] -- C:\Programme\adawaretb
[2012.10.12 17:33:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\adawaretb
[2012.10.12 17:33:08 | 000,000,000 | ---D | C] -- C:\Programme\Toolbar Cleaner
[2012.10.12 17:31:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 17:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\AA
[2012.10.12 16:47:09 | 000,000,000 | ---D | C] -- C:\Lop SD
[2012.10.12 16:20:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\HJt
[2012.10.03 22:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.30 10:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Winterreifen_2012
[2012.09.26 16:12:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Nationalparktage
[2010.01.20 13:08:44 | 000,192,512 | ---- | C] (GPP Software) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\LLIB32D.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.24 21:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.24 21:18:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.24 20:00:41 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.24 20:00:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.24 19:57:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.10.24 19:52:34 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2012.10.23 21:47:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.21 20:41:23 | 001,918,687 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Scannen.psd
[2012.10.21 12:00:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.10.14 20:17:06 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.10.14 02:24:04 | 000,582,992 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbap.dll
[2012.10.14 02:24:03 | 000,415,056 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\SpursDownload.dll
[2012.10.14 02:24:02 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbte.dll
[2012.10.14 02:23:59 | 000,308,560 | ---- | M] () -- C:\WINDOWS\System32\vipre.dll
[2012.10.14 02:23:58 | 000,160,768 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
[2012.10.14 02:21:34 | 006,393,144 | ---- | M] (PC Antivirus Pro) -- C:\WINDOWS\uninstac.exe
[2012.10.12 18:02:45 | 000,059,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys
[2012.10.11 16:33:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.11 05:57:40 | 000,452,756 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.11 05:57:40 | 000,435,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.11 05:57:40 | 000,081,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.11 05:57:40 | 000,068,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.09 00:28:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.09 00:28:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.08 20:52:41 | 000,000,191 | ---- | M] () -- D:\Eigene Dateien\DPE.DUS
[2012.10.03 21:29:49 | 000,004,298 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DriveCalculator Preferences
[2012.10.02 16:35:56 | 000,300,001 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Transaktionsdetails.pdf
[2012.10.02 16:24:42 | 000,488,881 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Formular Zollbenachrichtigung.pdf
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.24 23:13:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.09.24 22:18:50 | 000,000,080 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
 
========== Files Created - No Company Name ==========
 
[2012.10.14 20:17:06 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.10.14 12:05:15 | 000,000,960 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.10.14 02:23:59 | 000,308,560 | ---- | C] () -- C:\WINDOWS\System32\vipre.dll
[2012.10.14 02:23:58 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.10.12 18:02:45 | 000,059,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\78edf8e8d34ecce2.sys
[2012.10.12 17:35:29 | 000,077,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2012.10.12 17:35:28 | 000,021,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2012.10.02 16:35:53 | 000,300,001 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Transaktionsdetails.pdf
[2012.10.02 16:25:42 | 000,048,022 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Rechnung.pdf
[2012.10.02 16:24:37 | 000,488,881 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Formular Zollbenachrichtigung.pdf
[2012.08.31 10:37:41 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.13 21:31:43 | 000,043,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2012.04.25 08:03:28 | 000,067,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\ctxusbm.sys
[2012.04.07 20:27:47 | 000,021,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2011.12.11 21:16:56 | 000,971,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdrpm174.sys
[2011.12.11 21:16:54 | 000,540,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\timntr.sys
[2011.12.11 21:16:54 | 000,044,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2011.12.11 21:16:50 | 000,134,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\snman380.sys
[2011.10.26 14:23:40 | 000,101,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.06.24 18:42:54 | 000,108,032 | R--- | C] () -- C:\WINDOWS\System32\drivers\smhwser.sys
[2011.06.24 18:42:54 | 000,100,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\smhwdev.sys
[2011.06.24 18:42:54 | 000,025,728 | R--- | C] () -- C:\WINDOWS\System32\drivers\smhwadb.sys
[2010.09.10 16:58:22 | 000,004,298 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DriveCalculator Preferences
[2010.09.10 16:52:31 | 000,000,258 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PropCalc Preferences
[2010.01.20 13:08:50 | 000,003,346 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MNO.DAT
[2009.11.22 13:11:56 | 000,429,549 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mdbu.bin
[2009.05.15 16:27:03 | 000,000,080 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.03.28 16:20:08 | 000,004,395 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\hpothb07.tif
[2009.03.28 16:20:08 | 000,000,488 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\hpothb07.dat
[2009.02.18 16:49:24 | 000,000,257 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.tif
[2009.02.18 16:49:24 | 000,000,189 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.dat
[2009.02.14 17:44:57 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.rnd
 
========== ZeroAccess Check ==========
 
[2009.02.14 17:10:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 03:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\user\Desktop\Scannen.psd:SummaryInformation

< End of report >
--- --- ---

[/code]

Log 2
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.10.2012 21:53:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\user\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 81,25% Memory free
11,07 Gb Paging File | 10,54 Gb Available in Paging File | 95,19% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 40,44 Gb Free Space | 41,41% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 322,11 Gb Free Space | 87,51% Space Free | Partition Type: NTFS
 
Computer Name: USERPC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\Temp\Installer.exe" = C:\WINDOWS\Temp\Installer.exe:*:Enabled:Breitband-Internet-Installation
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller -- (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google Earth\Google Earth\client\googleearth.exe" = C:\Programme\Google Earth\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\aon\aonInstaller\Installer.exe" = C:\Programme\aon\aonInstaller\Installer.exe:*:Enabled:Breitband-Internet-Installation -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AF8333-27BE-35F1-B5B6-EBCD89F846AF}" = Catalyst Control Center Localization Spanish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in
"{0C5AA351-4C6B-8452-0DEB-DD9FFF4DB53F}" = CCC Help Chinese Standard
"{0D94B4A1-E09B-87B8-5FFD-6F720B5430BD}" = CCC Help French
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung)
"{0FA8B0C1-CBBD-5348-CA3F-B6EE90B7F186}" = Catalyst Control Center Graphics Light
"{137603DC-0050-D41D-DAEF-9CC1D6899B7B}" = Catalyst Control Center Localization Chinese Traditional
"{1A6570E5-D0C8-CEC5-C8AE-EE6EB1C72286}" = CCC Help German
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4547C5-F62E-BA06-17D7-37EDB842D0FA}" = CCC Help Korean
"{1FFB4E2F-60A9-4BC9-B04B-0CEB8E108232}" = Extentrix Endpoint Analysis Client 4.8
"{2191089C-FCB6-0DE1-8DFA-62481BA15887}" = CCC Help Polish
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{23DBDF71-1070-B12D-DE81-3DE82BD0EE0F}" = Catalyst Control Center Localization Japanese
"{260954A3-6960-C01E-6F40-1CE0A93BF626}" = Catalyst Control Center Localization German
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2822B2F8-1509-1CCC-D6B4-488085F4DB4F}" = CCC Help Finnish
"{29B36F38-1071-DE31-F13F-AB772EACB520}" = CCC Help Dutch
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB)
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{382B1538-6CF7-D096-0943-1CC4697BD96C}" = CCC Help Japanese
"{3972733B-D4D3-D199-94AC-ED8C897A5D77}" = CCC Help Swedish
"{434E3EEC-60B2-F0EF-41F7-2D2D18DC120E}" = CCC Help Norwegian
"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{48496AE8-7D00-419A-B131-A7593A4787BA}" = LAGO FS Falcon FS2004 version 2.00
"{497C2376-FB2E-C042-7AE0-143AED4D04FB}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6DF1FE-DA7B-9A5B-01AA-091314B3BFEE}" = Catalyst Control Center Graphics Full New
"{534FA2AB-C09D-F3F8-355B-74289B4A25B0}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B1172A6-1EF8-55B9-B6D1-E88DAF7461A0}" = Catalyst Control Center Localization Czech
"{5B1F1DF4-BBF7-A78C-8BE5-4F12A1964638}" = Skins
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5E2A655C-F4C2-CDE8-D463-78865149ABAF}" = Catalyst Control Center Graphics Full Existing
"{626C2AA3-7E89-5A04-F774-C0E016399765}" = Catalyst Control Center Localization Danish
"{687BE4C6-3F13-BB68-41D0-D2ACBE9657E4}" = Catalyst Control Center Localization Norwegian
"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{7098EEF7-5B96-F14D-E07D-44169831FE89}" = ccc-core-preinstall
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79E2005B-4D5D-3C7A-D85A-21E24F693607}" = Catalyst Control Center Localization Greek
"{7D08B393-0FBF-F9D4-1EF0-7088B5A4FFE4}" = Catalyst Control Center Localization Dutch
"{88589E54-FDD1-9333-DED9-BCE0155E9241}" = ccc-utility
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{8B43AE66-21A4-1534-3804-E2E5B0B1B74B}" = Catalyst Control Center Localization Italian
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{98927BFC-813F-3A04-A75C-6E131E31F34D}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE22123-D4EE-4D3A-BE87-B5B2622537EF}" = Catalyst Control Center - Branding
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4C6B25C-F9C5-3AD8-AF30-260DF75C23D3}" = CCC Help Turkish
"{A8747D14-8760-1A5B-70C9-D30C3DC2E5C8}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV)
"{B582A79C-312D-3673-5A6C-54F3EE7CDDDA}" = Catalyst Control Center Localization Polish
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{BE88C27E-9418-D76D-BA11-D127932DD6A8}" = Catalyst Control Center Localization Russian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CA7048-1331-D216-8648-DE0AD1C2D2D2}" = Catalyst Control Center Localization Turkish
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C3020228-A899-0F93-1168-E9D8AFDB3755}" = Catalyst Control Center Localization Chinese Standard
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C67E3460-4EA6-C3B0-DA09-D2613FE52083}" = Catalyst Control Center Localization Swedish
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEFB064E-A177-1354-ECBE-2F752819F4F3}" = Catalyst Control Center Localization Hungarian
"{CEFFFB30-308B-B39C-E9D5-C804BB35F76D}" = CCC Help Russian
"{CFAF67D2-FD21-D3DE-E095-1CB4AF3D8DE4}" = ccc-core-static
"{D3BE386D-4A1F-D06B-51F3-B9C010FB60B7}" = Catalyst Control Center Localization Portuguese
"{D5B8CDB6-0F63-49BB-9E32-D0246BE90C8F}" = Duden Korrektor kompakt
"{D810B249-16C2-78C4-BC52-04333C4EEED4}" = CCC Help Greek
"{DAF37B83-F3A5-626F-B9E2-9B931B37C653}" = CCC Help Czech
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{E13CDA67-9248-54B4-127A-C1BE8FCF54AA}" = CCC Help Portuguese
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E6EA750D-733D-5CFB-FE09-FE9D2965870A}" = Catalyst Control Center Localization Finnish
"{E8A6BB83-F875-53E1-6BC4-EDD490B68988}" = CCC Help Chinese Traditional
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{E9D314E9-A0BE-3B0F-7301-86928C6CF336}" = CCC Help Hungarian
"{EA684ACD-4EE8-3ACE-9D2A-19B86C156DC0}" = Catalyst Control Center Localization Korean
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F166954A-2FBD-B21E-D823-C9072424B1B3}" = CCC Help Thai
"{F465A8CB-63C4-56FD-EE07-D176CEB333DA}" = CCC Help Danish
"{F54AD6C3-0E7D-8706-AACE-D42F889FC7FF}" = Catalyst Control Center Localization French
"{F706E9C5-7543-FE75-2B75-B46E56EEF062}" = CCC Help Italian
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"ATI Display Driver" = ATI Display Driver
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Controller" = Controller
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"Flight Simulator 7.0" = Microsoft Flight Simulator 2000
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FMS" = FMS
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Intelli-studio" = SAMSUNG Intelli-studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Suite" = PC Suite
"ST6UNST #1" = MFTech IntCon 2.3.52
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
"OnlineFestplatte" = aon Online Festplatte (entfernen)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.10.2012 14:17:06 | Computer Name = USERPC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF66 Description:.  0x8004FF66.
 
Error - 14.10.2012 14:17:06 | Computer Name = USERPC | Source = Microsoft Security Client | ID = 5000
Description = 
 
Error - 14.10.2012 14:17:06 | Computer Name = USERPC | Source = Microsoft Security Client | ID = 5000
Description = 
 
Error - 15.10.2012 10:45:49 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.10.2012 10:48:01 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.10.2012 10:50:20 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.10.2012 11:31:41 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung PhotoshopElements.exe, Version 2.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.10.2012 11:41:08 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.10.2012 11:45:40 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.10.2012 13:29:54 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 24.10.2012 13:55:29 | Computer Name = USERPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Ad-Aware Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 24.10.2012 13:55:30 | Computer Name = USERPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 24.10.2012 13:55:30 | Computer Name = USERPC | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 24.10.2012 13:55:30 | Computer Name = USERPC | Source = Service Control Manager | ID = 7034
Description = Dienst "TOSHIBA Bluetooth Service" wurde unerwartet beendet. Dies 
ist bereits 1 Mal passiert.
 
Error - 24.10.2012 14:01:25 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.10.2012 14:01:25 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
Error - 24.10.2012 14:01:25 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 24.10.2012 14:01:25 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 24.10.2012 14:01:25 | Computer Name = USERPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 24.10.2012 15:15:50 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
 
< End of report >
--- --- ---

[/code]

Alt 24.10.2012, 21:37   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Keine Ahnung was das mit der falschen Zeit auf sich hat. Lief die Systemuhr vllt mal verkehrt oder irrst du dich gerade? um welche fraglichen Zeiten geht es denn?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2012, 14:20   #29
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Hi cosinus!

Die fraglichen Zeiten beziehen sich auf das zweite Log im vorangegangenen Posting ganz unten (System Events).
Error - 24.10.2012 13:55:29
Error - 24.10.2012 13:55:30
Error - 24.10.2012 13:55:30
Error - 24.10.2012 13:55:30 etc.
Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet.

Ich habe doch nichts mit der SwissArmy am Hut?!
Weiß nur, dass ich den PC zu den obigen Zeiten sicherlich nicht an hatte.

KasperskyTDSSKiller hat während der Initialisierung bei 40% einer Fehlermeldung angezeigt:
„Can’t load driver“ --> habe ich mit o.k. bestätigt. San ist dann ohne Probleme durchgegengen.
Die Reparatur der zwei Funde habe ich mit „skip“ gecancelt.
Anbei das Log:
Code:
ATTFilter
14:49:05.0515 0952  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:49:05.0843 0952  ============================================================
14:49:05.0843 0952  Current date / time: 2012/10/25 14:49:05.0843
14:49:05.0843 0952  SystemInfo:
14:49:05.0843 0952  
14:49:05.0843 0952  OS Version: 5.1.2600 ServicePack: 3.0
14:49:05.0843 0952  Product type: Workstation
14:49:05.0843 0952  ComputerName: USERPC
14:49:05.0843 0952  UserName: user
14:49:05.0843 0952  Windows directory: C:\WINDOWS
14:49:05.0843 0952  System windows directory: C:\WINDOWS
14:49:05.0843 0952  Processor architecture: Intel x86
14:49:05.0843 0952  Number of processors: 2
14:49:05.0843 0952  Page size: 0x1000
14:49:05.0843 0952  Boot type: Normal boot
14:49:05.0843 0952  ============================================================
14:49:51.0125 0952  !crdlk
14:49:51.0125 0952  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:49:56.0640 0952  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:49:56.0640 0952  ============================================================
14:49:56.0640 0952  \Device\Harddisk0\DR0:
14:49:56.0640 0952  MBR partitions:
14:49:56.0640 0952  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
14:49:56.0671 0952  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x2E031A75
14:49:56.0671 0952  ============================================================
14:49:56.0703 0952  C: <-> \Device\Harddisk0\DR0\Partition1
14:49:56.0734 0952  D: <-> \Device\Harddisk0\DR0\Partition2
14:49:56.0734 0952  ============================================================
14:49:56.0734 0952  Initialize success
14:49:56.0734 0952  ============================================================
14:50:50.0906 3368  ============================================================
14:50:50.0906 3368  Scan started
14:50:50.0906 3368  Mode: Manual; SigCheck; TDLFS; 
14:50:50.0906 3368  ============================================================
14:50:51.0093 3368  ================ Scan system memory ========================
14:50:51.0093 3368  System memory - ok
14:50:51.0093 3368  ================ Scan services =============================
14:50:51.0437 3368  Suspicious service (NoAccess): 78edf8e8d34ecce2
14:50:52.0062 3368  [ 0907292986E05A8752BC1863556D229E ] 78edf8e8d34ecce2 C:\WINDOWS\System32\Drivers\78edf8e8d34ecce2.sys
14:50:52.0062 3368  Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\78edf8e8d34ecce2.sys. md5: 0907292986E05A8752BC1863556D229E
14:50:53.0781 3368  78edf8e8d34ecce2 ( Rootkit.Win32.Necurs.gen ) - infected
14:50:53.0781 3368  78edf8e8d34ecce2 - detected Rootkit.Win32.Necurs.gen (0)
14:50:53.0937 3368  Abiosdsk - ok
14:50:54.0109 3368  abp480n5 - ok
14:50:54.0343 3368  ACDaemon - ok
14:50:54.0656 3368  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:50:59.0265 3368  ACPI - ok
14:50:59.0484 3368  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:50:59.0578 3368  ACPIEC - ok
14:51:00.0109 3368  [ 2E482249AA953C4B9DA4E84124EC7407 ] AcrSch2Svc      C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
14:51:00.0453 3368  AcrSch2Svc - ok
14:51:01.0375 3368  [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
14:51:02.0796 3368  Ad-Aware Service - ok
14:51:03.0140 3368  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:51:03.0343 3368  AdobeFlashPlayerUpdateSvc - ok
14:51:03.0500 3368  adpu160m - ok
14:51:03.0765 3368  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:51:03.0843 3368  aec - ok
14:51:04.0156 3368  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:51:04.0281 3368  AFD - ok
14:51:04.0437 3368  Aha154x - ok
14:51:04.0593 3368  aic78u2 - ok
14:51:04.0765 3368  aic78xx - ok
14:51:04.0984 3368  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:51:05.0093 3368  Alerter - ok
14:51:05.0296 3368  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
14:51:05.0343 3368  ALG - ok
14:51:05.0500 3368  AliIde - ok
14:51:05.0687 3368  [ 6E58654CB25730B2579E45E1FD116A47 ] amdide          C:\WINDOWS\system32\DRIVERS\amdide.sys
14:51:05.0703 3368  amdide - ok
14:51:05.0875 3368  amsint - ok
14:51:06.0078 3368  [ E94E2EA7FAAA05C776A711EDB198B9FD ] androidusb      C:\WINDOWS\system32\Drivers\smhwadb.sys
14:51:06.0125 3368  androidusb - ok
14:51:06.0484 3368  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:51:06.0656 3368  AppMgmt - ok
14:51:06.0828 3368  asc - ok
14:51:06.0984 3368  asc3350p - ok
14:51:07.0140 3368  asc3550 - ok
14:51:07.0609 3368  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:51:07.0687 3368  aspnet_state - ok
14:51:07.0859 3368  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:51:07.0937 3368  AsyncMac - ok
14:51:08.0187 3368  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:51:08.0281 3368  atapi - ok
14:51:08.0453 3368  Atdisk - ok
14:51:08.0984 3368  [ B8DBF155EAE86B1468FEEA472E94AEFB ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:51:09.0531 3368  Ati HotKey Poller - ok
14:51:10.0046 3368  [ AD1865C5E1842C8BA06BE3B1799315AA ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
14:51:10.0671 3368  ATI Smart ( UnsignedFile.Multi.Generic ) - warning
14:51:10.0671 3368  ATI Smart - detected UnsignedFile.Multi.Generic (1)
14:51:12.0937 3368  [ 1DB0E5F78A67307F9C68D777873C1164 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:51:15.0031 3368  ati2mtag - ok
14:51:15.0359 3368  [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
14:51:15.0390 3368  AtiHdmiService - ok
14:51:15.0593 3368  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:51:15.0718 3368  Atmarpc - ok
14:51:16.0015 3368  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:51:16.0125 3368  AudioSrv - ok
14:51:16.0296 3368  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:51:16.0375 3368  audstub - ok
14:51:16.0656 3368  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:51:16.0750 3368  Beep - ok
14:51:17.0187 3368  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:51:17.0750 3368  BITS - ok
14:51:18.0031 3368  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
14:51:18.0125 3368  Browser - ok
14:51:18.0312 3368  Bulk1528 - ok
14:51:18.0468 3368  Ca1528av - ok
14:51:18.0656 3368  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:51:18.0765 3368  cbidf2k - ok
14:51:18.0921 3368  cd20xrnt - ok
14:51:19.0109 3368  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:51:19.0203 3368  Cdaudio - ok
14:51:19.0437 3368  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:51:19.0531 3368  Cdfs - ok
14:51:19.0796 3368  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:51:19.0890 3368  Cdrom - ok
14:51:20.0046 3368  Changer - ok
14:51:20.0312 3368  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:51:20.0406 3368  CiSvc - ok
14:51:20.0656 3368  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:51:20.0765 3368  ClipSrv - ok
14:51:20.0968 3368  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:51:21.0062 3368  clr_optimization_v2.0.50727_32 - ok
14:51:21.0234 3368  CmdIde - ok
14:51:21.0375 3368  COMSysApp - ok
14:51:21.0656 3368  Cpqarray - ok
14:51:21.0890 3368  [ 3411FDF098AA20193EEE5FFA36BA43B2 ] cpuz135         C:\WINDOWS\system32\drivers\cpuz135_x32.sys
14:51:21.0921 3368  cpuz135 - ok
14:51:22.0218 3368  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:51:22.0343 3368  CryptSvc - ok
14:51:22.0578 3368  [ FFC5377AA2C1A3F5B18F359F661E76C8 ] ctxusbm         C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
14:51:22.0593 3368  ctxusbm - ok
14:51:22.0734 3368  dac2w2k - ok
14:51:22.0906 3368  dac960nt - ok
14:51:23.0437 3368  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:51:23.0890 3368  DcomLaunch - ok
14:51:24.0171 3368  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:51:24.0328 3368  Dhcp - ok
14:51:24.0562 3368  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:51:24.0671 3368  Disk - ok
14:51:24.0828 3368  dmadmin - ok
14:51:25.0484 3368  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:51:26.0406 3368  dmboot - ok
14:51:26.0640 3368  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:51:26.0828 3368  dmio - ok
14:51:27.0000 3368  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:51:27.0093 3368  dmload - ok
14:51:27.0312 3368  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:51:27.0421 3368  dmserver - ok
14:51:27.0609 3368  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:51:27.0703 3368  DMusic - ok
14:51:27.0921 3368  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:51:28.0093 3368  Dnscache - ok
14:51:28.0453 3368  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:51:28.0625 3368  Dot3svc - ok
14:51:28.0796 3368  dpti2o - ok
14:51:28.0953 3368  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:51:29.0046 3368  drmkaud - ok
14:51:29.0281 3368  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:51:29.0390 3368  EapHost - ok
14:51:29.0593 3368  [ 16EBD8BF1D5090923694CC972C7CE1B4 ] ENTECH          C:\WINDOWS\system32\DRIVERS\ENTECH.sys
14:51:29.0625 3368  ENTECH - ok
14:51:29.0890 3368  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:51:30.0000 3368  ERSvc - ok
14:51:30.0312 3368  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
14:51:30.0390 3368  Eventlog - ok
14:51:30.0750 3368  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
14:51:30.0906 3368  EventSystem - ok
14:51:31.0187 3368  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:51:31.0375 3368  Fastfat - ok
14:51:31.0656 3368  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:51:31.0781 3368  FastUserSwitchingCompatibility - ok
14:51:32.0000 3368  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:51:32.0109 3368  Fdc - ok
14:51:32.0390 3368  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:51:32.0484 3368  Fips - ok
14:51:32.0687 3368  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:51:32.0796 3368  Flpydisk - ok
14:51:33.0046 3368  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:51:33.0234 3368  FltMgr - ok
14:51:33.0468 3368  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:51:33.0515 3368  FontCache3.0.0.0 - ok
14:51:33.0687 3368  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:51:33.0765 3368  Fs_Rec - ok
14:51:34.0031 3368  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:51:34.0218 3368  Ftdisk - ok
14:51:34.0406 3368  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:51:34.0484 3368  Gpc - ok
14:51:34.0656 3368  gupdate - ok
14:51:34.0921 3368  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:51:35.0015 3368  HDAudBus - ok
14:51:35.0343 3368  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:51:35.0453 3368  helpsvc - ok
14:51:35.0734 3368  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:51:35.0843 3368  HidServ - ok
14:51:36.0015 3368  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:51:36.0109 3368  hidusb - ok
14:51:36.0375 3368  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:51:36.0500 3368  hkmsvc - ok
14:51:36.0656 3368  hpn - ok
14:51:36.0875 3368  [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:51:36.0937 3368  HPZid412 - ok
14:51:37.0093 3368  [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:51:37.0156 3368  HPZipr12 - ok
14:51:37.0343 3368  [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:51:37.0437 3368  HPZius12 - ok
14:51:37.0796 3368  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:51:37.0828 3368  HTTP - ok
14:51:38.0140 3368  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:51:38.0250 3368  HTTPFilter - ok
14:51:38.0421 3368  i2omgmt - ok
14:51:38.0578 3368  i2omp - ok
14:51:38.0765 3368  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:51:38.0859 3368  i8042prt - ok
14:51:39.0593 3368  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:51:40.0625 3368  idsvc - ok
14:51:40.0859 3368  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:51:40.0953 3368  Imapi - ok
14:51:41.0187 3368  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:51:41.0328 3368  ImapiService - ok
14:51:41.0578 3368  ini910u - ok
14:51:44.0781 3368  [ 6F336C2D18BA1E7CE8D0F31541C87A1D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:51:47.0796 3368  IntcAzAudAddService - ok
14:51:47.0968 3368  IntelIde - ok
14:51:48.0140 3368  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:51:48.0281 3368  Ip6Fw - ok
14:51:48.0468 3368  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:51:48.0578 3368  IpFilterDriver - ok
14:51:48.0765 3368  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:51:48.0859 3368  IpInIp - ok
14:51:49.0171 3368  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:51:49.0296 3368  IpNat - ok
14:51:49.0484 3368  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:51:49.0578 3368  IPSec - ok
14:51:49.0750 3368  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:51:49.0812 3368  IRENUM - ok
14:51:50.0093 3368  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:51:50.0218 3368  isapnp - ok
14:51:50.0546 3368  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
14:51:50.0656 3368  JavaQuickStarterService - ok
14:51:50.0875 3368  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:51:50.0968 3368  Kbdclass - ok
14:51:51.0140 3368  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:51:51.0234 3368  kbdhid - ok
14:51:51.0515 3368  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:51:51.0593 3368  kmixer - ok
14:51:51.0828 3368  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:51:51.0968 3368  KSecDD - ok
14:51:52.0296 3368  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:51:52.0390 3368  LanmanServer - ok
14:51:52.0703 3368  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:51:52.0812 3368  lanmanworkstation - ok
14:51:52.0968 3368  lbrtfdc - ok
14:51:53.0343 3368  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:51:53.0437 3368  LmHosts - ok
14:51:53.0625 3368  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:51:53.0640 3368  MBAMProtector - ok
14:51:54.0062 3368  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:51:54.0468 3368  MBAMScheduler - ok
14:51:55.0078 3368  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
14:51:55.0906 3368  MBAMService - ok
14:51:56.0125 3368  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:51:56.0265 3368  Messenger - ok
14:51:56.0437 3368  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:51:56.0515 3368  mnmdd - ok
14:51:56.0703 3368  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:51:56.0812 3368  mnmsrvc - ok
14:51:57.0000 3368  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:51:57.0109 3368  Modem - ok
14:51:57.0375 3368  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:51:57.0484 3368  Mouclass - ok
14:51:57.0656 3368  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:51:57.0734 3368  mouhid - ok
14:51:57.0937 3368  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:51:58.0046 3368  MountMgr - ok
14:51:58.0203 3368  mraid35x - ok
14:51:58.0453 3368  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:51:58.0546 3368  MRxDAV - ok
14:51:58.0984 3368  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:51:59.0187 3368  MRxSmb - ok
14:51:59.0375 3368  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:51:59.0468 3368  MSDTC - ok
14:51:59.0718 3368  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:51:59.0796 3368  Msfs - ok
14:51:59.0953 3368  MSIServer - ok
14:52:00.0171 3368  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:52:00.0265 3368  MSKSSRV - ok
14:52:00.0421 3368  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:52:00.0500 3368  MSPCLOCK - ok
14:52:00.0656 3368  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:52:00.0765 3368  MSPQM - ok
14:52:00.0937 3368  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:52:01.0015 3368  mssmbios - ok
14:52:01.0265 3368  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:52:01.0359 3368  Mup - ok
14:52:01.0765 3368  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:52:02.0015 3368  napagent - ok
14:52:02.0296 3368  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:52:02.0484 3368  NDIS - ok
14:52:02.0671 3368  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:52:02.0718 3368  NdisTapi - ok
14:52:02.0875 3368  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:52:02.0968 3368  Ndisuio - ok
14:52:03.0171 3368  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:52:03.0281 3368  NdisWan - ok
14:52:03.0484 3368  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:52:03.0531 3368  NDProxy - ok
14:52:03.0718 3368  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:52:03.0796 3368  NetBIOS - ok
14:52:04.0046 3368  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:52:04.0125 3368  NetBT - ok
14:52:04.0453 3368  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:52:04.0609 3368  NetDDE - ok
14:52:04.0890 3368  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:52:04.0968 3368  NetDDEdsdm - ok
14:52:05.0171 3368  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:52:05.0265 3368  Netlogon - ok
14:52:05.0640 3368  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
14:52:05.0843 3368  Netman - ok
14:52:06.0109 3368  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:06.0234 3368  NetTcpPortSharing - ok
14:52:06.0578 3368  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:52:06.0750 3368  Nla - ok
14:52:07.0281 3368  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
14:52:07.0781 3368  NMIndexingService - ok
14:52:07.0968 3368  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:52:08.0046 3368  Npfs - ok
14:52:08.0546 3368  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:52:09.0156 3368  Ntfs - ok
14:52:09.0312 3368  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:52:09.0406 3368  NtLmSsp - ok
14:52:09.0875 3368  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:52:10.0421 3368  NtmsSvc - ok
14:52:10.0593 3368  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:52:10.0703 3368  Null - ok
14:52:10.0875 3368  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:52:10.0953 3368  NwlnkFlt - ok
14:52:11.0140 3368  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:52:11.0265 3368  NwlnkFwd - ok
14:52:11.0765 3368  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
14:52:12.0234 3368  odserv - ok
14:52:12.0484 3368  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:52:12.0578 3368  ose - ok
14:52:12.0875 3368  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:52:12.0953 3368  Parport - ok
14:52:13.0156 3368  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:52:13.0265 3368  PartMgr - ok
14:52:13.0468 3368  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:52:13.0562 3368  ParVdm - ok
14:52:13.0781 3368  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:52:13.0906 3368  PCI - ok
14:52:14.0062 3368  PCIDump - ok
14:52:14.0281 3368  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:52:14.0375 3368  PCIIde - ok
14:52:14.0625 3368  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:52:14.0781 3368  Pcmcia - ok
14:52:14.0921 3368  PDCOMP - ok
14:52:15.0062 3368  PDFRAME - ok
14:52:15.0187 3368  PDRELI - ok
14:52:15.0359 3368  PDRFRAME - ok
14:52:15.0515 3368  perc2 - ok
14:52:15.0671 3368  perc2hib - ok
14:52:16.0187 3368  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
14:52:16.0250 3368  PlugPlay - ok
14:52:16.0468 3368  [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:52:16.0515 3368  Pml Driver HPZ12 - ok
14:52:16.0765 3368  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:52:16.0843 3368  PolicyAgent - ok
14:52:17.0031 3368  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:52:17.0125 3368  PptpMiniport - ok
14:52:17.0312 3368  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:52:17.0406 3368  Processor - ok
14:52:17.0609 3368  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:52:17.0687 3368  ProtectedStorage - ok
14:52:17.0890 3368  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:52:17.0968 3368  PSched - ok
14:52:18.0125 3368  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:52:18.0218 3368  Ptilink - ok
14:52:18.0390 3368  ql1080 - ok
14:52:18.0546 3368  Ql10wnt - ok
14:52:18.0703 3368  ql12160 - ok
14:52:18.0875 3368  ql1240 - ok
14:52:19.0031 3368  ql1280 - ok
14:52:19.0187 3368  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:52:19.0281 3368  RasAcd - ok
14:52:19.0531 3368  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:52:19.0671 3368  RasAuto - ok
14:52:19.0843 3368  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:52:19.0921 3368  Rasl2tp - ok
14:52:20.0234 3368  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:52:20.0468 3368  RasMan - ok
14:52:20.0640 3368  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:52:20.0718 3368  RasPppoe - ok
14:52:20.0875 3368  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:52:20.0968 3368  Raspti - ok
14:52:21.0218 3368  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:52:21.0312 3368  Rdbss - ok
14:52:21.0500 3368  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:52:21.0578 3368  RDPCDD - ok
14:52:21.0906 3368  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:52:21.0984 3368  rdpdr - ok
14:52:22.0296 3368  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:52:22.0437 3368  RDPWD - ok
14:52:22.0656 3368  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:52:22.0828 3368  RDSessMgr - ok
14:52:23.0031 3368  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:52:23.0109 3368  redbook - ok
14:52:23.0406 3368  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:52:23.0515 3368  RemoteAccess - ok
14:52:23.0843 3368  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:52:23.0937 3368  RemoteRegistry - ok
14:52:24.0140 3368  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:52:24.0281 3368  RpcLocator - ok
14:52:24.0781 3368  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:52:24.0953 3368  RpcSs - ok
14:52:25.0187 3368  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:52:25.0359 3368  RSVP - ok
14:52:25.0609 3368  [ B52B25F41BF3511071A0E7D10D659C56 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:52:25.0718 3368  RTLE8023xp - ok
14:52:25.0937 3368  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:52:26.0015 3368  SamSs - ok
14:52:28.0171 3368  [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc         C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
14:52:32.0093 3368  SBAMSvc - ok
14:52:32.0328 3368  [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs         C:\WINDOWS\system32\drivers\sbapifs.sys
14:52:32.0328 3368  sbapifs - ok
14:52:32.0656 3368  [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE            C:\WINDOWS\system32\drivers\SBREdrv.sys
14:52:32.0656 3368  SBRE - ok
14:52:32.0875 3368  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:52:33.0031 3368  SCardSvr - ok
14:52:33.0406 3368  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:52:33.0625 3368  Schedule - ok
14:52:33.0781 3368  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:52:33.0828 3368  Secdrv - ok
14:52:34.0093 3368  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:52:34.0203 3368  seclogon - ok
14:52:34.0515 3368  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
14:52:34.0625 3368  SENS - ok
14:52:34.0812 3368  [ B490AD520257DDA26C1D587A71E527B5 ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
14:52:34.0859 3368  Ser2pl - ok
14:52:35.0031 3368  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:52:35.0109 3368  serenum - ok
14:52:35.0359 3368  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:52:35.0437 3368  Serial - ok
14:52:35.0828 3368  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:52:35.0921 3368  Sfloppy - ok
14:52:36.0406 3368  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:52:36.0796 3368  SharedAccess - ok
14:52:37.0078 3368  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:52:37.0109 3368  ShellHWDetection - ok
14:52:37.0281 3368  Simbad - ok
14:52:37.0531 3368  [ 2A0BDE6DD58AC2935A80F984B3AF0B0E ] smhwdev         C:\WINDOWS\system32\DRIVERS\smhwdev.sys
14:52:37.0609 3368  smhwdev - ok
14:52:37.0843 3368  [ 54B5DD15EEF72AEE8D1C765AB2235610 ] smhwser         C:\WINDOWS\system32\DRIVERS\smhwser.sys
14:52:37.0968 3368  smhwser - ok
14:52:38.0296 3368  [ 5CE1CF27620B144E212D407CDB14D339 ] snapman380      C:\WINDOWS\system32\DRIVERS\snman380.sys
14:52:38.0375 3368  snapman380 - ok
14:52:38.0562 3368  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:52:38.0671 3368  SONYPVU1 - ok
14:52:38.0828 3368  Sparrow - ok
14:52:39.0000 3368  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:52:39.0093 3368  splitter - ok
14:52:39.0437 3368  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:52:39.0531 3368  Spooler - ok
14:52:39.0734 3368  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:52:39.0812 3368  sr - ok
14:52:40.0125 3368  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:52:40.0281 3368  srservice - ok
14:52:40.0671 3368  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:52:40.0875 3368  Srv - ok
14:52:41.0125 3368  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:52:41.0187 3368  SSDPSRV - ok
14:52:41.0593 3368  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:52:42.0031 3368  stisvc - ok
14:52:42.0218 3368  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:52:42.0296 3368  swenum - ok
14:52:42.0484 3368  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:52:42.0562 3368  swmidi - ok
14:52:42.0718 3368  SwPrv - ok
14:52:42.0875 3368  symc810 - ok
14:52:43.0031 3368  symc8xx - ok
14:52:43.0187 3368  sym_hi - ok
14:52:43.0343 3368  sym_u3 - ok
14:52:43.0531 3368  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:52:43.0609 3368  sysaudio - ok
14:52:43.0875 3368  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:52:44.0031 3368  SysmonLog - ok
14:52:44.0453 3368  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:52:44.0656 3368  TapiSrv - ok
14:52:45.0046 3368  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:52:45.0218 3368  Tcpip - ok
14:52:45.0390 3368  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:52:45.0484 3368  TDPIPE - ok
14:52:46.0296 3368  [ D953F161177DAB3C8440844A9AB6E5A2 ] tdrpman174      C:\WINDOWS\system32\DRIVERS\tdrpm174.sys
14:52:47.0375 3368  tdrpman174 - ok
14:52:47.0531 3368  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:52:47.0625 3368  TDTCP - ok
14:52:47.0812 3368  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:52:47.0906 3368  TermDD - ok
14:52:48.0359 3368  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:52:48.0625 3368  TermService - ok
14:52:48.0890 3368  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:52:48.0906 3368  Themes - ok
14:52:49.0078 3368  [ 6DCB8DDB481CD3C40FA68593723B4D89 ] tifsfilter      C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:52:49.0093 3368  tifsfilter - ok
14:52:49.0562 3368  [ 394FC70B88B7958FA85798BBC76D140A ] timounter       C:\WINDOWS\system32\DRIVERS\timntr.sys
14:52:50.0062 3368  timounter - ok
14:52:50.0250 3368  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:52:50.0343 3368  TlntSvr - ok
14:52:50.0609 3368  [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
14:52:50.0687 3368  TOSHIBA Bluetooth Service - ok
14:52:50.0843 3368  TosIde - ok
14:52:51.0046 3368  [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte        C:\WINDOWS\system32\DRIVERS\tosporte.sys
14:52:51.0078 3368  tosporte - ok
14:52:51.0328 3368  [ 8C3BFAF3FCA90502E6FA35503B8E979E ] tosrfbd         C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
14:52:51.0437 3368  tosrfbd - ok
14:52:51.0609 3368  [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp        C:\WINDOWS\system32\Drivers\tosrfbnp.sys
14:52:51.0687 3368  tosrfbnp - ok
14:52:51.0875 3368  [ 4742F0BAD28268AB093ED6F4EA857997 ] Tosrfcom        C:\WINDOWS\system32\Drivers\tosrfcom.sys
14:52:51.0921 3368  Tosrfcom - ok
14:52:52.0125 3368  [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid        C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
14:52:52.0187 3368  Tosrfhid - ok
14:52:52.0375 3368  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
14:52:52.0421 3368  tosrfnds - ok
14:52:52.0593 3368  [ A4CE9572BC4AC8D329455059B43C5BEA ] TosRfSnd        C:\WINDOWS\system32\drivers\tosrfsnd.sys
14:52:52.0671 3368  TosRfSnd - ok
14:52:52.0859 3368  [ 01C90086CD37E7E8D9A827E24167FCB7 ] tosrfusb        C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
14:52:52.0937 3368  tosrfusb - ok
14:52:53.0265 3368  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:52:53.0406 3368  TrkWks - ok
14:52:53.0671 3368  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:52:53.0812 3368  Udfs - ok
14:52:53.0984 3368  ultra - ok
14:52:54.0390 3368  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:52:54.0625 3368  Update - ok
14:52:54.0937 3368  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:52:55.0093 3368  upnphost - ok
14:52:55.0328 3368  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
14:52:55.0421 3368  UPS - ok
14:52:55.0609 3368  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:52:55.0703 3368  usbccgp - ok
14:52:55.0859 3368  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:52:55.0953 3368  usbehci - ok
14:52:56.0156 3368  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:52:56.0250 3368  usbhub - ok
14:52:56.0421 3368  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:52:56.0515 3368  usbohci - ok
14:52:56.0687 3368  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:52:56.0812 3368  usbprint - ok
14:52:56.0984 3368  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:52:57.0078 3368  usbscan - ok
14:52:57.0328 3368  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:52:57.0437 3368  USBSTOR - ok
14:52:57.0640 3368  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:52:57.0734 3368  VgaSave - ok
14:52:57.0890 3368  ViaIde - ok
14:52:58.0093 3368  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:52:58.0203 3368  VolSnap - ok
14:52:58.0671 3368  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
14:52:58.0875 3368  VSS - ok
14:52:59.0265 3368  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:52:59.0453 3368  W32Time - ok
14:52:59.0687 3368  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:52:59.0781 3368  Wanarp - ok
14:53:00.0265 3368  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:53:00.0734 3368  Wdf01000 - ok
14:53:00.0859 3368  WDICA - ok
14:53:01.0062 3368  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:53:01.0156 3368  wdmaud - ok
14:53:01.0453 3368  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:53:01.0578 3368  WebClient - ok
14:53:01.0984 3368  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:53:02.0140 3368  winmgmt - ok
14:53:02.0562 3368  [ 1ABFD1399436E81C9D857F5FC76EAF98 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
14:53:02.0593 3368  WmBEnum - ok
14:53:02.0828 3368  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:53:02.0953 3368  WmdmPmSN - ok
14:53:03.0125 3368  [ B3CFCBCC91FF61EF82FC693B8B57E7F0 ] WmFilter        C:\WINDOWS\system32\drivers\WmFilter.sys
14:53:03.0171 3368  WmFilter - ok
14:53:03.0843 3368  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:53:04.0578 3368  Wmi - ok
14:53:04.0750 3368  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:53:04.0828 3368  WmiAcpi - ok
14:53:05.0109 3368  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:53:05.0250 3368  WmiApSrv - ok
14:53:06.0000 3368  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
14:53:07.0078 3368  WMPNetworkSvc - ok
14:53:07.0234 3368  [ A40D2DD0F019423EF6C363F1295EB38D ] WmVirHid        C:\WINDOWS\system32\drivers\WmVirHid.sys
14:53:07.0296 3368  WmVirHid - ok
14:53:07.0484 3368  [ 2BF505424F469155CD90D7B3301D7ADC ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
14:53:07.0484 3368  WmXlCore - ok
14:53:07.0671 3368  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
14:53:07.0750 3368  WpdUsb - ok
14:53:08.0109 3368  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:53:08.0265 3368  wscsvc - ok
14:53:08.0484 3368  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:53:08.0562 3368  wuauserv - ok
14:53:08.0781 3368  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:53:08.0890 3368  WudfPf - ok
14:53:09.0109 3368  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:53:09.0171 3368  WudfRd - ok
14:53:09.0421 3368  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:53:09.0484 3368  WudfSvc - ok
14:53:09.0968 3368  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:53:10.0500 3368  WZCSVC - ok
14:53:10.0828 3368  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:53:11.0000 3368  xmlprov - ok
14:53:11.0375 3368  [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Programme\CyberLink\PowerDVD8\000.fcl
14:53:11.0390 3368  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
14:53:11.0390 3368  ================ Scan global ===============================
14:53:11.0671 3368  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
14:53:11.0906 3368  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:53:12.0250 3368  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:53:12.0328 3368  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
14:53:12.0328 3368  [Global] - ok
14:53:12.0328 3368  ================ Scan MBR ==================================
14:53:12.0359 3368  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:53:12.0906 3368  \Device\Harddisk0\DR0 - ok
14:53:12.0906 3368  ================ Scan VBR ==================================
14:53:12.0906 3368  [ 6C3CA0A8A18AAAD3A27BFCB6CBF10715 ] \Device\Harddisk0\DR0\Partition1
14:53:12.0906 3368  \Device\Harddisk0\DR0\Partition1 - ok
14:53:12.0921 3368  [ 1CC1D5876391DCEFFB3078A9A94B9610 ] \Device\Harddisk0\DR0\Partition2
14:53:12.0937 3368  \Device\Harddisk0\DR0\Partition2 - ok
14:53:12.0937 3368  ============================================================
14:53:12.0937 3368  Scan finished
14:53:12.0937 3368  ============================================================
14:53:13.0046 3356  Detected object count: 2
14:53:13.0046 3356  Actual detected object count: 2
14:53:45.0921 3356  78edf8e8d34ecce2 ( Rootkit.Win32.Necurs.gen ) - skipped by user
14:53:45.0921 3356  78edf8e8d34ecce2 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
14:53:45.0921 3356  ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:45.0921 3356  ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
"Rootkit.Win32.Necurs.gen "
Das Ding dürfte ja laut Inet nicht ohne sein. Hoffe wir bekommen das hin.

Alt 25.10.2012, 15:00   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdAware "Trojan.Win32.FakeVimes.ge" - Standard

AdAware "Trojan.Win32.FakeVimes.ge"


Zitat:
Ich habe doch nichts mit der SwissArmy am Hut?!
Das ist einfach nur Malwarebytes

Code:
ATTFilter
78edf8e8d34ecce2 ( Rootkit.Win32.Necurs.gen ) - skipped by user
Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!

Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue

Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu AdAware "Trojan.Win32.FakeVimes.ge"
adaware, angezeigt, arbeiten, beim starten, cpu-auslastung, desktop, dringend, durchgeführt, ersichtlich, fehlermeldungen, geliefert, gestartet, hochfahren, langsam, problem, programme, programmen, schöne, starten, system, trojan.win32.fakevimes.ge, zusammen


« Umleitung auf alle möglichen Seiten | Virus TR/ATRAPS.Gen und Gen2 sowie TR/AGENT.73728.15 in Datei C:\RECYLER\S1-5-18\.....\80000cb.@ »


Ähnliche Themen: AdAware "Trojan.Win32.FakeVimes.ge"


  1. Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2015 (10)
  2. Zonealarm meldet trojan.Win32.Generic als "Behandelt"
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (10)
  3. ZoneAlarm meldet Fund: "Trojan-Spy.Win32.Zbot.nesk"
    Log-Analyse und Auswertung - 18.07.2013 (11)
  4. "Licensevalidator.exe" u.A.: ESET meldet "Win32/Kryptik.ADPW trojan" sowie "Win32/Gataka.A trojan"
    Log-Analyse und Auswertung - 12.04.2012 (21)
  5. "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  6. Generelle Frage zu bestimmten Trojaner "Trojan.Win32.Agent"
    Log-Analyse und Auswertung - 06.12.2011 (9)
  7. viren "Trojan:Win32/Bumat!rts" und "Exploit Java/CVE-2010-0840.ew" auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (8)
  8. Malwarereinigung: "TR/Kazy.25747.40", "Trojan.Downloader..." und "Backdoor: Win32Cycbot.B"
    Log-Analyse und Auswertung - 09.06.2011 (1)
  9. "trojan-dropper.win32.Agent.dglg" und "trojan.Win32.Autohit.wh"
    Log-Analyse und Auswertung - 03.02.2011 (10)
  10. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  11. AVG findet "Trojan horse Generic15.EAM", Antimalware "Trojan.Agent" + "Rootkit.Agent"
    Plagegeister aller Art und deren Bekämpfung - 03.11.2009 (13)
  12. "Win32.Trojan.Tdss" in system32-Ordner von WinXP SP3
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (9)
  13. "Trojan-Spy.Win32.Zbot.ikh" hat Rechner lahm gelegt! Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 23.07.2009 (1)
  14. Firefox öffnet neue Fenster. "trojan.win32.generic"
    Log-Analyse und Auswertung - 17.12.2008 (1)
  15. "Trojan.clicker.win32.tiny.h" in meinem System
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (4)
  16. HILFE: "Win32:HLLW.Gavir:5" und "Trojan.Proxy.Ranky
    Log-Analyse und Auswertung - 12.01.2007 (4)
  17. Werde "Trojan.Win32.StartPage.ix" nicht mehr los!!!
    Log-Analyse und Auswertung - 23.06.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AdAware "Trojan.Win32.FakeVimes.ge" - Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so - AdAware "Trojan.Win32.FakeVimes.ge"...
Archiv
Du betrachtest: AdAware "Trojan.Win32.FakeVimes.ge" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55