
Log Analysis and Evaluation: AdAware "Trojan.Win32.FakeVimes.ge"

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

25.10.2012, 16:31   #31
hemisphere07
 
AdAware "Trojan.Win32.FakeVimes.ge"

Excellent!!!

I was starting to think we would now have to go to war against neutral Switzerland as well. The fight against the pests on my computer is already enough for me.
Win32.Necurs.gen deleted
TDSS-Killer Log:
Code:
16:42:16.0578 3052  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:42:18.0484 3052  ============================================================
16:42:18.0484 3052  Current date / time: 2012/10/25 16:42:18.0484
16:42:18.0484 3052  SystemInfo:
16:42:18.0484 3052  
16:42:18.0484 3052  OS Version: 5.1.2600 ServicePack: 3.0
16:42:18.0484 3052  Product type: Workstation
16:42:18.0484 3052  ComputerName: USERPC
16:42:18.0484 3052  UserName: user
16:42:18.0484 3052  Windows directory: C:\WINDOWS
16:42:18.0484 3052  System windows directory: C:\WINDOWS
16:42:18.0484 3052  Processor architecture: Intel x86
16:42:18.0484 3052  Number of processors: 2
16:42:18.0484 3052  Page size: 0x1000
16:42:18.0484 3052  Boot type: Normal boot
16:42:18.0484 3052  ============================================================
16:42:22.0515 3052  BG loaded
16:42:23.0250 3052  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:42:23.0390 3052  ============================================================
16:42:23.0390 3052  \Device\Harddisk0\DR0:
16:42:23.0390 3052  MBR partitions:
16:42:23.0390 3052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
16:42:23.0406 3052  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x2E031A75
16:42:23.0406 3052  ============================================================
16:42:24.0000 3052  C: <-> \Device\Harddisk0\DR0\Partition1
16:42:24.0593 3052  D: <-> \Device\Harddisk0\DR0\Partition2
16:42:24.0609 3052  ============================================================
16:42:24.0609 3052  Initialize success
16:42:24.0609 3052  ============================================================
16:48:55.0156 2608  ============================================================
16:48:55.0156 2608  Scan started
16:48:55.0156 2608  Mode: Manual; SigCheck; TDLFS; 
16:48:55.0156 2608  ============================================================
16:48:55.0468 2608  ================ Scan system memory ========================
16:48:55.0484 2608  System memory - ok
16:48:55.0484 2608  ================ Scan services =============================
16:48:55.0953 2608  Abiosdsk - ok
16:48:55.0953 2608  abp480n5 - ok
16:48:55.0984 2608  ACDaemon - ok
16:48:56.0140 2608  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:02.0875 2608  ACPI - ok
16:49:02.0906 2608  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
16:49:03.0031 2608  ACPIEC - ok
16:49:03.0406 2608  [ 2E482249AA953C4B9DA4E84124EC7407 ] AcrSch2Svc      C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
16:49:03.0593 2608  AcrSch2Svc - ok
16:49:04.0453 2608  [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
16:49:05.0078 2608  Ad-Aware Service - ok
16:49:05.0281 2608  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:49:05.0484 2608  AdobeFlashPlayerUpdateSvc - ok
16:49:05.0484 2608  adpu160m - ok
16:49:05.0593 2608  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:49:05.0687 2608  aec - ok
16:49:05.0796 2608  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:49:05.0859 2608  AFD - ok
16:49:05.0859 2608  Aha154x - ok
16:49:05.0875 2608  aic78u2 - ok
16:49:05.0875 2608  aic78xx - ok
16:49:05.0921 2608  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:49:06.0015 2608  Alerter - ok
16:49:06.0062 2608  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
16:49:06.0093 2608  ALG - ok
16:49:06.0093 2608  AliIde - ok
16:49:06.0125 2608  [ 6E58654CB25730B2579E45E1FD116A47 ] amdide          C:\WINDOWS\system32\DRIVERS\amdide.sys
16:49:06.0140 2608  amdide - ok
16:49:06.0140 2608  amsint - ok
16:49:06.0203 2608  [ E94E2EA7FAAA05C776A711EDB198B9FD ] androidusb      C:\WINDOWS\system32\Drivers\smhwadb.sys
16:49:06.0265 2608  androidusb - ok
16:49:06.0390 2608  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
16:49:06.0531 2608  AppMgmt - ok
16:49:06.0531 2608  asc - ok
16:49:06.0546 2608  asc3350p - ok
16:49:06.0546 2608  asc3550 - ok
16:49:06.0703 2608  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:49:06.0765 2608  aspnet_state - ok
16:49:06.0781 2608  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:49:06.0875 2608  AsyncMac - ok
16:49:06.0968 2608  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:49:07.0109 2608  atapi - ok
16:49:07.0156 2608  Atdisk - ok
16:49:07.0796 2608  [ B8DBF155EAE86B1468FEEA472E94AEFB ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:49:08.0453 2608  Ati HotKey Poller - ok
16:49:08.0859 2608  [ AD1865C5E1842C8BA06BE3B1799315AA ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
16:49:09.0265 2608  ATI Smart ( UnsignedFile.Multi.Generic ) - warning
16:49:09.0265 2608  ATI Smart - detected UnsignedFile.Multi.Generic (1)
16:49:11.0609 2608  [ 1DB0E5F78A67307F9C68D777873C1164 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:49:14.0203 2608  ati2mtag - ok
16:49:14.0312 2608  [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
16:49:14.0359 2608  AtiHdmiService - ok
16:49:14.0421 2608  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:49:14.0531 2608  Atmarpc - ok
16:49:14.0578 2608  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:49:14.0671 2608  AudioSrv - ok
16:49:14.0703 2608  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
16:49:14.0781 2608  audstub - ok
16:49:14.0828 2608  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:49:15.0015 2608  Beep - ok
16:49:15.0562 2608  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
16:49:15.0937 2608  BITS - ok
16:49:16.0031 2608  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
16:49:16.0125 2608  Browser - ok
16:49:16.0140 2608  Bulk1528 - ok
16:49:16.0140 2608  Ca1528av - ok
16:49:16.0187 2608  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
16:49:16.0421 2608  cbidf2k - ok
16:49:16.0421 2608  cd20xrnt - ok
16:49:16.0468 2608  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
16:49:16.0656 2608  Cdaudio - ok
16:49:16.0734 2608  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:49:16.0843 2608  Cdfs - ok
16:49:16.0906 2608  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:49:17.0000 2608  Cdrom - ok
16:49:17.0000 2608  Changer - ok
16:49:17.0031 2608  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
16:49:17.0109 2608  CiSvc - ok
16:49:17.0156 2608  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
16:49:17.0281 2608  ClipSrv - ok
16:49:17.0343 2608  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:49:17.0437 2608  clr_optimization_v2.0.50727_32 - ok
16:49:17.0437 2608  CmdIde - ok
16:49:17.0437 2608  COMSysApp - ok
16:49:17.0468 2608  Cpqarray - ok
16:49:17.0515 2608  [ 3411FDF098AA20193EEE5FFA36BA43B2 ] cpuz135         C:\WINDOWS\system32\drivers\cpuz135_x32.sys
16:49:17.0531 2608  cpuz135 - ok
16:49:17.0578 2608  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:49:17.0703 2608  CryptSvc - ok
16:49:17.0765 2608  [ FFC5377AA2C1A3F5B18F359F661E76C8 ] ctxusbm         C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
16:49:17.0781 2608  ctxusbm - ok
16:49:17.0781 2608  dac2w2k - ok
16:49:17.0781 2608  dac960nt - ok
16:49:18.0078 2608  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:49:18.0296 2608  DcomLaunch - ok
16:49:18.0390 2608  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:49:18.0484 2608  Dhcp - ok
16:49:18.0500 2608  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:49:18.0625 2608  Disk - ok
16:49:18.0625 2608  dmadmin - ok
16:49:19.0125 2608  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:49:20.0031 2608  dmboot - ok
16:49:20.0125 2608  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:49:20.0343 2608  dmio - ok
16:49:20.0359 2608  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:49:20.0468 2608  dmload - ok
16:49:20.0484 2608  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:49:20.0562 2608  dmserver - ok
16:49:20.0609 2608  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:49:20.0718 2608  DMusic - ok
16:49:20.0750 2608  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:49:20.0859 2608  Dnscache - ok
16:49:20.0953 2608  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:49:21.0125 2608  Dot3svc - ok
16:49:21.0125 2608  dpti2o - ok
16:49:21.0156 2608  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:49:21.0250 2608  drmkaud - ok
16:49:21.0296 2608  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
16:49:21.0390 2608  EapHost - ok
16:49:21.0437 2608  [ 16EBD8BF1D5090923694CC972C7CE1B4 ] ENTECH          C:\WINDOWS\system32\DRIVERS\ENTECH.sys
16:49:21.0468 2608  ENTECH - ok
16:49:21.0484 2608  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
16:49:21.0578 2608  ERSvc - ok
16:49:21.0671 2608  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
16:49:22.0109 2608  Eventlog - ok
16:49:22.0281 2608  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
16:49:22.0328 2608  EventSystem - ok
16:49:22.0453 2608  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
16:49:22.0640 2608  Fastfat - ok
16:49:22.0734 2608  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:49:22.0765 2608  FastUserSwitchingCompatibility - ok
16:49:22.0812 2608  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
16:49:22.0906 2608  Fdc - ok
16:49:22.0953 2608  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:49:23.0031 2608  Fips - ok
16:49:23.0062 2608  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:49:23.0156 2608  Flpydisk - ok
16:49:23.0265 2608  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:49:23.0421 2608  FltMgr - ok
16:49:23.0484 2608  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:49:23.0531 2608  FontCache3.0.0.0 - ok
16:49:23.0546 2608  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:49:23.0625 2608  Fs_Rec - ok
16:49:23.0703 2608  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:49:23.0859 2608  Ftdisk - ok
16:49:23.0890 2608  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:49:23.0984 2608  Gpc - ok
16:49:24.0000 2608  gupdate - ok
16:49:24.0125 2608  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:49:24.0234 2608  HDAudBus - ok
16:49:24.0312 2608  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:49:24.0406 2608  helpsvc - ok
16:49:24.0437 2608  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
16:49:24.0531 2608  HidServ - ok
16:49:24.0546 2608  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:49:24.0640 2608  hidusb - ok
16:49:24.0687 2608  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
16:49:24.0796 2608  hkmsvc - ok
16:49:24.0812 2608  hpn - ok
16:49:24.0875 2608  [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:49:24.0937 2608  HPZid412 - ok
16:49:24.0953 2608  [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:49:25.0000 2608  HPZipr12 - ok
16:49:25.0031 2608  [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:49:25.0125 2608  HPZius12 - ok
16:49:25.0296 2608  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:49:25.0343 2608  HTTP - ok
16:49:25.0375 2608  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:49:25.0484 2608  HTTPFilter - ok
16:49:25.0484 2608  i2omgmt - ok
16:49:25.0500 2608  i2omp - ok
16:49:25.0562 2608  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:49:25.0656 2608  i8042prt - ok
16:49:26.0234 2608  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:49:27.0312 2608  idsvc - ok
16:49:27.0359 2608  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
16:49:27.0437 2608  Imapi - ok
16:49:27.0546 2608  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
16:49:27.0625 2608  ImapiService - ok
16:49:27.0640 2608  ini910u - ok
16:49:30.0578 2608  [ 6F336C2D18BA1E7CE8D0F31541C87A1D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:49:33.0640 2608  IntcAzAudAddService - ok
16:49:33.0640 2608  IntelIde - ok
16:49:33.0687 2608  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:49:34.0031 2608  Ip6Fw - ok
16:49:34.0093 2608  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:49:34.0281 2608  IpFilterDriver - ok
16:49:34.0406 2608  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:49:34.0671 2608  IpInIp - ok
16:49:34.0859 2608  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:49:35.0281 2608  IpNat - ok
16:49:35.0390 2608  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:49:35.0875 2608  IPSec - ok
16:49:35.0921 2608  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
16:49:36.0062 2608  IRENUM - ok
16:49:36.0171 2608  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:49:36.0390 2608  isapnp - ok
16:49:36.0687 2608  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
16:49:36.0703 2608  JavaQuickStarterService - ok
16:49:36.0765 2608  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:49:36.0875 2608  Kbdclass - ok
16:49:36.0906 2608  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:49:37.0000 2608  kbdhid - ok
16:49:37.0109 2608  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
16:49:37.0203 2608  kmixer - ok
16:49:37.0296 2608  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
16:49:37.0390 2608  KSecDD - ok
16:49:37.0484 2608  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
16:49:37.0531 2608  LanmanServer - ok
16:49:37.0625 2608  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:49:37.0671 2608  lanmanworkstation - ok
16:49:37.0671 2608  lbrtfdc - ok
16:49:37.0750 2608  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
16:49:37.0828 2608  LmHosts - ok
16:49:37.0875 2608  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
16:49:37.0875 2608  MBAMProtector - ok
16:49:38.0156 2608  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:49:38.0406 2608  MBAMScheduler - ok
16:49:39.0203 2608  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
16:49:39.0656 2608  MBAMService - ok
16:49:39.0718 2608  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
16:49:40.0421 2608  Messenger - ok
16:49:40.0500 2608  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
16:49:40.0703 2608  mnmdd - ok
16:49:40.0812 2608  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
16:49:41.0093 2608  mnmsrvc - ok
16:49:41.0125 2608  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
16:49:41.0296 2608  Modem - ok
16:49:41.0453 2608  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:49:41.0812 2608  Mouclass - ok
16:49:41.0859 2608  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:49:41.0968 2608  mouhid - ok
16:49:42.0046 2608  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
16:49:42.0187 2608  MountMgr - ok
16:49:42.0187 2608  mraid35x - ok
16:49:42.0375 2608  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:49:42.0500 2608  MRxDAV - ok
16:49:42.0859 2608  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:49:43.0281 2608  MRxSmb - ok
16:49:43.0343 2608  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
16:49:43.0468 2608  MSDTC - ok
16:49:43.0531 2608  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:49:43.0656 2608  Msfs - ok
16:49:43.0656 2608  MSIServer - ok
16:49:43.0718 2608  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:49:43.0875 2608  MSKSSRV - ok
16:49:43.0890 2608  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:49:44.0031 2608  MSPCLOCK - ok
16:49:44.0046 2608  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
16:49:44.0203 2608  MSPQM - ok
16:49:44.0281 2608  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:49:44.0390 2608  mssmbios - ok
16:49:44.0500 2608  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
16:49:44.0593 2608  Mup - ok
16:49:44.0812 2608  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
16:49:45.0156 2608  napagent - ok
16:49:45.0328 2608  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
16:49:45.0828 2608  NDIS - ok
16:49:45.0875 2608  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:49:45.0921 2608  NdisTapi - ok
16:49:45.0937 2608  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:49:46.0046 2608  Ndisuio - ok
16:49:46.0109 2608  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:49:46.0203 2608  NdisWan - ok
16:49:46.0250 2608  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
16:49:46.0296 2608  NDProxy - ok
16:49:46.0343 2608  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
16:49:46.0453 2608  NetBIOS - ok
16:49:46.0562 2608  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
16:49:46.0671 2608  NetBT - ok
16:49:46.0750 2608  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
16:49:46.0921 2608  NetDDE - ok
16:49:47.0000 2608  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
16:49:47.0078 2608  NetDDEdsdm - ok
16:49:47.0109 2608  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
16:49:47.0203 2608  Netlogon - ok
16:49:47.0328 2608  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
16:49:47.0421 2608  Netman - ok
16:49:47.0531 2608  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:49:47.0625 2608  NetTcpPortSharing - ok
16:49:47.0796 2608  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
16:49:47.0796 2608  Nla - ok
16:49:48.0218 2608  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
16:49:48.0734 2608  NMIndexingService - ok
16:49:48.0750 2608  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
16:49:48.0843 2608  Npfs - ok
16:49:49.0187 2608  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
16:49:49.0781 2608  Ntfs - ok
16:49:49.0796 2608  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
16:49:49.0890 2608  NtLmSsp - ok
16:49:50.0171 2608  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
16:49:50.0671 2608  NtmsSvc - ok
16:49:50.0687 2608  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
16:49:50.0765 2608  Null - ok
16:49:50.0796 2608  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:49:50.0890 2608  NwlnkFlt - ok
16:49:50.0921 2608  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:49:51.0031 2608  NwlnkFwd - ok
16:49:51.0375 2608  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
16:49:52.0203 2608  odserv - ok
16:49:52.0312 2608  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:49:52.0406 2608  ose - ok
16:49:52.0468 2608  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
16:49:52.0562 2608  Parport - ok
16:49:52.0593 2608  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
16:49:52.0703 2608  PartMgr - ok
16:49:52.0718 2608  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
16:49:52.0812 2608  ParVdm - ok
16:49:52.0875 2608  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
16:49:53.0015 2608  PCI - ok
16:49:53.0015 2608  PCIDump - ok
16:49:53.0031 2608  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
16:49:53.0109 2608  PCIIde - ok
16:49:53.0203 2608  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
16:49:53.0359 2608  Pcmcia - ok
16:49:53.0359 2608  PDCOMP - ok
16:49:53.0375 2608  PDFRAME - ok
16:49:53.0375 2608  PDRELI - ok
16:49:53.0390 2608  PDRFRAME - ok
16:49:53.0390 2608  perc2 - ok
16:49:53.0406 2608  perc2hib - ok
16:49:53.0515 2608  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
16:49:53.0531 2608  PlugPlay - ok
16:49:53.0593 2608  [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
16:49:53.0656 2608  Pml Driver HPZ12 - ok
16:49:53.0656 2608  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
16:49:53.0750 2608  PolicyAgent - ok
16:49:53.0781 2608  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:49:53.0875 2608  PptpMiniport - ok
16:49:53.0906 2608  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
16:49:54.0000 2608  Processor - ok
16:49:54.0000 2608  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:49:54.0093 2608  ProtectedStorage - ok
16:49:54.0140 2608  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
16:49:54.0218 2608  PSched - ok
16:49:54.0234 2608  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:49:54.0343 2608  Ptilink - ok
16:49:54.0343 2608  ql1080 - ok
16:49:54.0359 2608  Ql10wnt - ok
16:49:54.0359 2608  ql12160 - ok
16:49:54.0375 2608  ql1240 - ok
16:49:54.0390 2608  ql1280 - ok
16:49:54.0421 2608  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:49:54.0531 2608  RasAcd - ok
16:49:54.0593 2608  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
16:49:54.0734 2608  RasAuto - ok
16:49:54.0781 2608  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:49:54.0859 2608  Rasl2tp - ok
16:49:54.0984 2608  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
16:49:55.0093 2608  RasMan - ok
16:49:55.0125 2608  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:49:55.0203 2608  RasPppoe - ok
16:49:55.0218 2608  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
16:49:55.0312 2608  Raspti - ok
16:49:55.0421 2608  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:49:55.0500 2608  Rdbss - ok
16:49:55.0515 2608  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:49:55.0593 2608  RDPCDD - ok
16:49:55.0734 2608  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:49:55.0812 2608  rdpdr - ok
16:49:55.0937 2608  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
16:49:56.0031 2608  RDPWD - ok
16:49:56.0125 2608  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
16:49:56.0312 2608  RDSessMgr - ok
16:49:56.0359 2608  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
16:49:56.0437 2608  redbook - ok
16:49:56.0500 2608  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:49:56.0625 2608  RemoteAccess - ok
16:49:56.0671 2608  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
16:49:56.0765 2608  RemoteRegistry - ok
16:49:56.0828 2608  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:49:56.0968 2608  RpcLocator - ok
16:49:57.0218 2608  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
16:49:57.0375 2608  RpcSs - ok
16:49:57.0484 2608  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:49:57.0656 2608  RSVP - ok
16:49:57.0734 2608  [ B52B25F41BF3511071A0E7D10D659C56 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:49:57.0828 2608  RTLE8023xp - ok
16:49:57.0843 2608  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
16:49:57.0953 2608  SamSs - ok
16:50:00.0000 2608  [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc         C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
16:50:02.0156 2608  SBAMSvc - ok
16:50:02.0187 2608  [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd          C:\WINDOWS\system32\drivers\sbaphd.sys
16:50:02.0203 2608  sbaphd - ok
16:50:02.0265 2608  [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs         C:\WINDOWS\system32\drivers\sbapifs.sys
16:50:02.0265 2608  sbapifs - ok
16:50:02.0343 2608  [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE            C:\WINDOWS\system32\drivers\SBREdrv.sys
16:50:02.0359 2608  SBRE - ok
16:50:02.0437 2608  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:50:02.0578 2608  SCardSvr - ok
16:50:02.0734 2608  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:50:02.0828 2608  Schedule - ok
16:50:02.0859 2608  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:50:02.0906 2608  Secdrv - ok
16:50:02.0953 2608  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:50:03.0062 2608  seclogon - ok
16:50:03.0093 2608  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
16:50:03.0187 2608  SENS - ok
16:50:03.0234 2608  [ B490AD520257DDA26C1D587A71E527B5 ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
16:50:03.0296 2608  Ser2pl - ok
16:50:03.0312 2608  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
16:50:03.0406 2608  serenum - ok
16:50:03.0468 2608  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
16:50:03.0546 2608  Serial - ok
16:50:03.0578 2608  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
16:50:03.0656 2608  Sfloppy - ok
16:50:03.0875 2608  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:50:04.0109 2608  SharedAccess - ok
16:50:04.0203 2608  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:50:04.0218 2608  ShellHWDetection - ok
16:50:04.0218 2608  Simbad - ok
16:50:04.0328 2608  [ 2A0BDE6DD58AC2935A80F984B3AF0B0E ] smhwdev         C:\WINDOWS\system32\DRIVERS\smhwdev.sys
16:50:04.0421 2608  smhwdev - ok
16:50:04.0500 2608  [ 54B5DD15EEF72AEE8D1C765AB2235610 ] smhwser         C:\WINDOWS\system32\DRIVERS\smhwser.sys
16:50:04.0625 2608  smhwser - ok
16:50:04.0734 2608  [ 5CE1CF27620B144E212D407CDB14D339 ] snapman380      C:\WINDOWS\system32\DRIVERS\snman380.sys
16:50:04.0828 2608  snapman380 - ok
16:50:04.0859 2608  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
16:50:04.0937 2608  SONYPVU1 - ok
16:50:04.0953 2608  Sparrow - ok
16:50:04.0968 2608  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:50:05.0046 2608  splitter - ok
16:50:05.0109 2608  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
16:50:05.0140 2608  Spooler - ok
16:50:05.0203 2608  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:50:05.0296 2608  sr - ok
16:50:05.0421 2608  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
16:50:05.0468 2608  srservice - ok
16:50:05.0703 2608  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
16:50:05.0890 2608  Srv - ok
16:50:05.0953 2608  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
16:50:06.0000 2608  SSDPSRV - ok
16:50:06.0218 2608  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:50:06.0453 2608  stisvc - ok
16:50:06.0468 2608  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:50:06.0562 2608  swenum - ok
16:50:06.0609 2608  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:50:06.0687 2608  swmidi - ok
16:50:06.0687 2608  SwPrv - ok
16:50:06.0703 2608  symc810 - ok
16:50:06.0718 2608  symc8xx - ok
16:50:06.0718 2608  sym_hi - ok
16:50:06.0734 2608  sym_u3 - ok
16:50:06.0781 2608  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:50:06.0859 2608  sysaudio - ok
16:50:06.0937 2608  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
16:50:07.0093 2608  SysmonLog - ok
16:50:07.0265 2608  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
16:50:07.0343 2608  TapiSrv - ok
16:50:07.0578 2608  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:50:07.0765 2608  Tcpip - ok
16:50:07.0796 2608  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:50:07.0890 2608  TDPIPE - ok
16:50:08.0515 2608  [ D953F161177DAB3C8440844A9AB6E5A2 ] tdrpman174      C:\WINDOWS\system32\DRIVERS\tdrpm174.sys
16:50:09.0578 2608  tdrpman174 - ok
16:50:09.0593 2608  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
16:50:09.0703 2608  TDTCP - ok
16:50:09.0734 2608  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:50:09.0812 2608  TermDD - ok
16:50:10.0015 2608  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
16:50:10.0093 2608  TermService - ok
16:50:10.0203 2608  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:50:10.0203 2608  Themes - ok
16:50:10.0234 2608  [ 6DCB8DDB481CD3C40FA68593723B4D89 ] tifsfilter      C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:50:10.0250 2608  tifsfilter - ok
16:50:10.0578 2608  [ 394FC70B88B7958FA85798BBC76D140A ] timounter       C:\WINDOWS\system32\DRIVERS\timntr.sys
16:50:11.0062 2608  timounter - ok
16:50:11.0125 2608  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
16:50:11.0218 2608  TlntSvr - ok
16:50:11.0343 2608  [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:50:11.0359 2608  TOSHIBA Bluetooth Service - ok
16:50:11.0359 2608  TosIde - ok
16:50:11.0406 2608  [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte        C:\WINDOWS\system32\DRIVERS\tosporte.sys
16:50:11.0437 2608  tosporte - ok
16:50:11.0515 2608  [ 8C3BFAF3FCA90502E6FA35503B8E979E ] tosrfbd         C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
16:50:11.0609 2608  tosrfbd - ok
16:50:11.0640 2608  [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp        C:\WINDOWS\system32\Drivers\tosrfbnp.sys
16:50:11.0703 2608  tosrfbnp - ok
16:50:11.0750 2608  [ 4742F0BAD28268AB093ED6F4EA857997 ] Tosrfcom        C:\WINDOWS\system32\Drivers\tosrfcom.sys
16:50:11.0796 2608  Tosrfcom - ok
16:50:11.0843 2608  [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid        C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
16:50:11.0921 2608  Tosrfhid - ok
16:50:11.0937 2608  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
16:50:11.0968 2608  tosrfnds - ok
16:50:12.0000 2608  [ A4CE9572BC4AC8D329455059B43C5BEA ] TosRfSnd        C:\WINDOWS\system32\drivers\tosrfsnd.sys
16:50:12.0078 2608  TosRfSnd - ok
16:50:12.0109 2608  [ 01C90086CD37E7E8D9A827E24167FCB7 ] tosrfusb        C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
16:50:12.0171 2608  tosrfusb - ok
16:50:12.0250 2608  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:50:12.0328 2608  TrkWks - ok
16:50:12.0390 2608  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:50:12.0531 2608  Udfs - ok
16:50:12.0531 2608  ultra - ok
16:50:12.0781 2608  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
16:50:13.0015 2608  Update - ok
16:50:13.0156 2608  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:50:13.0359 2608  upnphost - ok
16:50:13.0390 2608  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
16:50:13.0484 2608  UPS - ok
16:50:13.0531 2608  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:50:13.0609 2608  usbccgp - ok
16:50:13.0640 2608  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:50:13.0734 2608  usbehci - ok
16:50:13.0781 2608  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:50:13.0859 2608  usbhub - ok
16:50:13.0906 2608  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:50:13.0984 2608  usbohci - ok
16:50:14.0031 2608  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:50:14.0125 2608  usbprint - ok
16:50:14.0156 2608  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:50:14.0250 2608  usbscan - ok
16:50:14.0296 2608  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:50:14.0390 2608  USBSTOR - ok
16:50:14.0421 2608  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
16:50:14.0484 2608  VgaSave - ok
16:50:14.0500 2608  ViaIde - ok
16:50:14.0546 2608  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:50:14.0656 2608  VolSnap - ok
16:50:14.0859 2608  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
16:50:15.0078 2608  VSS - ok
16:50:15.0203 2608  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
16:50:15.0312 2608  W32Time - ok
16:50:15.0359 2608  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:50:15.0437 2608  Wanarp - ok
16:50:15.0765 2608  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:50:16.0265 2608  Wdf01000 - ok
16:50:16.0265 2608  WDICA - ok
16:50:16.0343 2608  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:50:16.0421 2608  wdmaud - ok
16:50:16.0484 2608  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:50:16.0578 2608  WebClient - ok
16:50:16.0734 2608  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:50:16.0812 2608  winmgmt - ok
16:50:16.0859 2608  [ 1ABFD1399436E81C9D857F5FC76EAF98 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
16:50:16.0875 2608  WmBEnum - ok
16:50:16.0921 2608  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
16:50:17.0031 2608  WmdmPmSN - ok
16:50:17.0062 2608  [ B3CFCBCC91FF61EF82FC693B8B57E7F0 ] WmFilter        C:\WINDOWS\system32\drivers\WmFilter.sys
16:50:17.0109 2608  WmFilter - ok
16:50:17.0546 2608  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
16:50:17.0953 2608  Wmi - ok
16:50:17.0968 2608  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:50:18.0046 2608  WmiAcpi - ok
16:50:18.0156 2608  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:50:18.0281 2608  WmiApSrv - ok
16:50:18.0906 2608  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
16:50:19.0937 2608  WMPNetworkSvc - ok
16:50:19.0953 2608  [ A40D2DD0F019423EF6C363F1295EB38D ] WmVirHid        C:\WINDOWS\system32\drivers\WmVirHid.sys
16:50:20.0000 2608  WmVirHid - ok
16:50:20.0031 2608  [ 2BF505424F469155CD90D7B3301D7ADC ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
16:50:20.0062 2608  WmXlCore - ok
16:50:20.0093 2608  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
16:50:20.0156 2608  WpdUsb - ok
16:50:20.0234 2608  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:50:20.0343 2608  wscsvc - ok
16:50:20.0390 2608  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:50:20.0468 2608  wuauserv - ok
16:50:20.0531 2608  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:50:20.0640 2608  WudfPf - ok
16:50:20.0718 2608  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:50:20.0781 2608  WudfRd - ok
16:50:20.0828 2608  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
16:50:20.0859 2608  WudfSvc - ok
16:50:21.0171 2608  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:50:21.0406 2608  WZCSVC - ok
16:50:21.0500 2608  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:50:21.0656 2608  xmlprov - ok
16:50:21.0750 2608  [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Programme\CyberLink\PowerDVD8\000.fcl
16:50:21.0765 2608  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
16:50:21.0765 2608  ================ Scan global ===============================
16:50:21.0812 2608  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
16:50:22.0015 2608  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
16:50:22.0187 2608  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
16:50:22.0265 2608  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
16:50:22.0265 2608  [Global] - ok
16:50:22.0281 2608  ================ Scan MBR ==================================
16:50:22.0328 2608  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
16:50:23.0031 2608  \Device\Harddisk0\DR0 - ok
16:50:23.0031 2608  ================ Scan VBR ==================================
16:50:23.0031 2608  [ 6C3CA0A8A18AAAD3A27BFCB6CBF10715 ] \Device\Harddisk0\DR0\Partition1
16:50:23.0031 2608  \Device\Harddisk0\DR0\Partition1 - ok
16:50:23.0046 2608  [ 1CC1D5876391DCEFFB3078A9A94B9610 ] \Device\Harddisk0\DR0\Partition2
16:50:23.0062 2608  \Device\Harddisk0\DR0\Partition2 - ok
16:50:23.0062 2608  ============================================================
16:50:23.0062 2608  Scan finished
16:50:23.0062 2608  ============================================================
16:50:23.0171 0612  Detected object count: 1
16:50:23.0171 0612  Actual detected object count: 1
16:50:38.0921 0612  ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:38.0921 0612  ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:51:07.0484 1564  Deinitialize success
         

25.10.2012, 19:51   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe (Vista and Win7 users: right-click and choose "Run as administrator").
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left in the aswMBR window) and click the Scan button again.

26.10.2012, 15:58   #33
hemisphere07
 

Unfortunately GMER did not work - it failed twice in the middle of the scan. (blue screen --> reboot --> hang up)

aswMBR Log:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 16:12:23
-----------------------------
16:12:23.359    OS Version: Windows 5.1.2600 Service Pack 3
16:12:23.359    Number of processors: 2 586 0x6B02
16:12:23.359    ComputerName: USERPC  UserName: user
16:12:25.921    Initialize success
16:17:08.109    AVAST engine defs: 12102600
16:17:25.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:17:25.968    Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
16:17:25.968    Disk 0 MBR read successfully
16:17:25.984    Disk 0 MBR scan
16:17:26.062    Disk 0 Windows XP default MBR code
16:17:26.062    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
16:17:26.062    Disk 0 Partition - 00     0F Extended LBA            376931 MB offset 204796620
16:17:26.078    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       376931 MB offset 204796683
16:17:26.093    Disk 0 scanning sectors +976752000
16:17:26.234    Disk 0 scanning C:\WINDOWS\system32\drivers
16:17:51.171    Service scanning
16:18:46.437    Modules scanning
16:19:14.796    Disk 0 trace - called modules:
16:19:15.296    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys 
16:19:15.296    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6adab8]
16:19:15.296    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a62af18]
16:19:15.312    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a69f940]
16:19:17.593    AVAST engine scan C:\WINDOWS
16:19:53.625    AVAST engine scan C:\WINDOWS\system32
16:32:05.375    AVAST engine scan C:\WINDOWS\system32\drivers
16:32:37.140    AVAST engine scan C:\Dokumente und Einstellungen\user
16:43:41.578    AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:46:48.625    Scan finished successfully
16:47:20.171    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\user\Desktop\MBR.dat"
16:47:20.171    The log file has been saved successfully to "C:\Dokumente und Einstellungen\user\Desktop\aswMBR.txt"
         

26.10.2012, 20:15   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (qualified forum helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

27.10.2012, 18:34   #35
hemisphere07
 

Combofix Logfile:
Code:
ComboFix 12-10-26.05 - user 27.10.2012  18:43:27.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\user\Desktop\ComboFix\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\user\Anwendungsdaten\LLIB32D.DLL
c:\dokumente und einstellungen\user\WINDOWS
c:\windows\IsUn0407.exe
d:\eigene dateien\DPE.DUS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-27 bis 2012-10-27  ))))))))))))))))))))))))))))))
.
.
2012-10-25 14:36 . 2012-10-25 14:36	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-10-24 17:55 . 2012-10-24 17:55	--------	d-----w-	C:\_OTL
2012-10-20 08:48 . 2012-10-20 09:07	--------	d-----w-	c:\programme\a-squared Free
2012-10-14 13:15 . 2012-10-14 13:15	--------	d-----w-	c:\dokumente und einstellungen\user\Anwendungsdaten\Malwarebytes
2012-10-14 13:15 . 2012-10-14 13:15	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-14 13:15 . 2012-10-19 17:16	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-10-14 13:15 . 2012-09-29 17:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-14 09:49 . 2012-10-14 09:49	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
2012-10-14 09:37 . 2012-10-14 09:37	--------	d-----w-	c:\programme\PC Antivirus
2012-10-14 09:37 . 2012-10-14 09:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVC1Data
2012-10-14 00:24 . 2012-10-14 00:30	--------	d-----w-	c:\dokumente und einstellungen\user\Anwendungsdaten\AVPro
2012-10-14 00:24 . 2012-10-14 00:24	--------	d-----w-	c:\dokumente und einstellungen\user\Anwendungsdaten\PC Antivirus
2012-10-14 00:24 . 2012-10-14 00:21	6393144	----a-w-	c:\windows\uninstac.exe
2012-10-14 00:24 . 2012-10-14 00:24	582992	----a-w-	c:\windows\system32\sbap.dll
2012-10-14 00:24 . 2012-10-14 00:24	415056	----a-w-	c:\windows\system32\SpursDownload.dll
2012-10-14 00:23 . 2012-10-14 00:24	1332560	----a-w-	c:\windows\system32\sbte.dll
2012-10-14 00:23 . 2012-10-14 00:23	308560	----a-w-	c:\windows\system32\vipre.dll
2012-10-14 00:23 . 2012-10-14 00:23	160768	----a-w-	c:\windows\system32\unrar.dll
2012-10-12 15:49 . 2012-10-12 15:49	--------	d-----w-	c:\dokumente und einstellungen\user\Anwendungsdaten\LavasoftStatistics
2012-10-12 15:42 . 2012-10-12 15:42	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
2012-10-12 15:35 . 2011-11-29 04:59	77816	----a-w-	c:\windows\system32\drivers\sbapifs.sys
2012-10-12 15:35 . 2011-11-29 04:59	21240	----a-w-	c:\windows\system32\drivers\sbaphd.sys
2012-10-12 15:35 . 2012-10-12 15:35	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2012-10-12 15:34 . 2012-10-12 16:07	--------	d-----w-	c:\programme\Ad-Aware Antivirus
2012-10-12 15:34 . 2012-10-12 15:34	--------	d-----w-	c:\windows\system32\drivers\VDD
2012-10-12 15:33 . 2012-10-12 15:33	--------	d-----w-	c:\dokumente und einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2012-10-12 15:33 . 2012-10-12 15:33	--------	d-----w-	c:\dokumente und einstellungen\user\Lokale Einstellungen\Anwendungsdaten\adawarebp
2012-10-12 15:33 . 2012-10-12 15:33	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
2012-10-12 15:33 . 2012-10-12 15:33	--------	d-----w-	c:\programme\adawaretb
2012-10-12 15:33 . 2012-10-12 15:33	--------	d-----w-	c:\dokumente und einstellungen\user\Anwendungsdaten\adawaretb
2012-10-12 15:33 . 2012-10-12 15:33	--------	d-----w-	c:\programme\Toolbar Cleaner
2012-10-12 15:31 . 2012-10-13 07:53	--------	d-----w-	c:\dokumente und einstellungen\user\Anwendungsdaten\Ad-Aware Antivirus
2012-10-12 14:47 . 2012-10-14 11:27	--------	d-----w-	C:\Lop SD
2012-10-12 12:47 . 2012-10-12 12:47	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-10-03 20:10 . 2012-10-03 20:10	--------	d-----w-	c:\dokumente und einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 22:28 . 2012-06-02 07:46	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-08 22:28 . 2011-06-12 19:38	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:05 . 2008-04-14 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2008-04-14 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00	385024	------w-	c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00	177664	----a-w-	c:\windows\system32\wintrust(2).dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\programme\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"PDVD8LanguageShortcut"="c:\programme\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\programme\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-27 4386336]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-27 962584]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2008-11-27 165144]
"ConnectionCenter"="c:\programme\Citrix\ICA Client\redirector.exe" [2012-07-27 130232]
"Ad-Aware Browsing Protection"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-08-09 05:03	81920	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02	254696	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\aon\\aonController\\aonController.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programme\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google Earth\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\aon\\aonInstaller\\Installer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [25.04.2012 08:03 67960]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12.10.2012 17:35 21240]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programme\CyberLink\PowerDVD8\000.fcl [27.06.2008 17:50 61424]
R2 Ad-Aware Service;Ad-Aware Service;c:\programme\Ad-Aware Antivirus\AdAwareService.exe [20.09.2012 15:03 1236368]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [07.04.2012 20:27 21992]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [14.10.2012 15:15 399432]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12.10.2012 17:35 77816]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26.10.2011 14:23 101112]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [14.10.2012 15:15 676936]
S2 SBAMSvc;Ad-Aware;c:\programme\Ad-Aware Antivirus\SBAMSvc.exe [19.12.2011 13:20 3289032]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.06.2012 09:46 250808]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [24.06.2011 18:42 25728]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14.10.2012 15:15 22856]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [24.06.2011 18:42 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [24.06.2011 18:42 108032]
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-21 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-09-20 13:03]
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 22:28]
.
2009-06-05 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8234971962.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\user\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ArcSoft Connection Service - c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
SafeBoot-76584237.sys
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-27 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\progra~1\Citrix\ICACLI~1\RSHook.dll
c:\programme\Citrix\ICA Client\ShellHook.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\progra~1\Citrix\ICACLI~1\RSHook.dll
c:\programme\Citrix\ICA Client\ShellHook.dll
.
Zeit der Fertigstellung: 2012-10-27  18:54:17
ComboFix-quarantined-files.txt  2012-10-27 16:54
.
Vor Suchlauf: 8 Verzeichnis(se), 43.101.097.984 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 43.317.657.600 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AE3239CE8B299C23CE310F07ECBF349F
         
--- --- ---


27.10.2012, 20:11   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks good. One check, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

29.10.2012, 16:31   #37
hemisphere07
 

Hello cosinus!

Working with this computer is slowly getting grueling. 10 minutes to boot up is simply too much for me. Actually, I still don't know whether I have a malware problem or a hardware problem. In any case, the hard drive rattles away endlessly. The Windows 7 DVD is already on its way. For now, a big from me.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.10.2012 15:33:50 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\user\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 85,35% Memory free
11,07 Gb Paging File | 10,58 Gb Available in Paging File | 95,52% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 39,73 Gb Free Space | 40,68% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 321,18 Gb Free Space | 87,25% Space Free | Partition Type: NTFS
 
Computer Name: USERPC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\user\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3175.36946__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3175.37043__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3175.37089__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3175.37064__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3175.36923__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3175.36949__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3175.37057__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3175.37026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3175.36941__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3175.37000__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3175.36934__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3175.37090__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3175.36947__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3175.36933__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3175.36946__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3175.37004__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3175.37115__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3175.37048__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3175.37035__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3175.36950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3175.37036__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3175.37003__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3175.37114__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3175.37034__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3175.37059__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3175.37028__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3175.36951__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3175.36995__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3175.36936__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3175.37002__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3175.37020__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3175.37000__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3175.36955__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3175.37002__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3175.37019__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3175.37023__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3156.17694__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3156.17689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3156.17698__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3156.17722__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3156.17701__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3156.17721__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3156.17701__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3156.17702__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3156.17700__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3156.17695__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3175.36928_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3175.36928__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3175.37069__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3175.36940__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3175.37078__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3175.36920__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3175.37075__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3175.36922__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3175.37106__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3175.37120__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3175.36917__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3175.37069_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.VividDesktop.Dashboard\1.2.3188.18570__90ba9c70f846762e\CLI.AIB.VividDesktop.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialOverDrive3.Tutorial.Dashboard\1.2.3188.18578__90ba9c70f846762e\CLI.AIB.TutorialOverDrive3.Tutorial.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.VividVideoPlayback.Dashboard\1.2.3188.18567__90ba9c70f846762e\CLI.AIB.VividVideoPlayback.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.3188.18579__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3175.36921__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3175.36919__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3175.36917__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3175.37077__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\WINDOWS\system32\hpotscl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\user\LOKALE~1\Temp\catchme.sys File not found
DRV - (Ca1528av) -- System32\Drivers\Ca1528av.sys File not found
DRV - (Bulk1528) -- System32\Drivers\Bulk1528.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (tdrpman174) -- C:\WINDOWS\system32\drivers\tdrpm174.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman380) -- C:\WINDOWS\system32\drivers\snman380.sys (Acronis)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (smhwser) -- C:\WINDOWS\system32\drivers\smhwser.sys (QUALCOMM Incorporated)
DRV - (smhwdev) -- C:\WINDOWS\system32\drivers\smhwdev.sys (Huawei Technologies Co., Ltd.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\smhwadb.sys (Google Inc)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.)
DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00  [binary data]
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\..\SearchScopes\{C5CF2981-4EEC-473D-9E6D-CB6E8C489AA1}: "URL" = hxxp://www.google.at/search?hl=de&q={searchTerms}&meta=&rlz=1I7ADSA_de
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Programme\Philips\Internet Video Downloader\Plugin_FireFox [2010.03.21 18:56:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.10.27 17:50:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-2025429265-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA10E3B-8384-44E9-AF09-68293070DE3A}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.14 15:59:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.29 12:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\CyberLink PowerDVD 8
[2012.10.28 21:08:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Google earth
[2012.10.27 23:38:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Avira
[2012.10.27 23:10:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.10.27 23:09:48 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.10.27 23:09:47 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.10.27 23:09:47 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.10.27 23:09:41 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.10.27 23:09:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.10.27 17:56:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.10.27 17:41:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.10.27 17:36:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.10.27 17:36:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.10.27 17:36:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.10.27 17:36:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.10.27 17:36:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.27 17:35:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.10.27 17:24:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\ComboFix
[2012.10.26 14:08:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\aswMBR
[2012.10.26 13:50:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\W_7
[2012.10.25 15:36:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.25 13:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Kaspersky
[2012.10.24 18:55:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.21 17:35:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\OTL
[2012.10.20 19:19:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Eset Onl Scanner
[2012.10.17 20:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\ADWcleaner
[2012.10.14 14:15:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2012.10.14 14:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.14 10:49:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.14 10:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVC1Data
[2012.10.14 09:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Emails_28_10_2012
[2012.10.14 01:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Antivirus
[2012.10.14 01:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AVPro
[2012.10.14 01:24:05 | 006,393,144 | ---- | C] (PC Antivirus Pro) -- C:\WINDOWS\uninstac.exe
[2012.10.14 01:24:03 | 000,582,992 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbap.dll
[2012.10.14 01:24:02 | 000,415,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\SpursDownload.dll
[2012.10.14 01:23:59 | 001,332,560 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbte.dll
[2012.10.12 16:49:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\LavasoftStatistics
[2012.10.12 16:42:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.10.12 16:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2012.10.12 16:33:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\adawaretb
[2012.10.12 15:47:09 | 000,000,000 | ---D | C] -- C:\Lop SD
[2012.10.12 15:20:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\HJt
[2012.10.03 21:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google
[2012.09.30 09:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Winterreifen_2012
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.29 15:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.29 13:33:54 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2012.10.29 12:46:21 | 000,435,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.29 12:46:20 | 000,452,756 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.29 12:46:20 | 000,081,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.29 12:46:20 | 000,068,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.29 12:40:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.27 23:44:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.27 17:50:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.10.27 17:41:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.10.27 17:10:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.26 15:48:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.10.21 19:41:23 | 001,918,687 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Scannen.psd
[2012.10.14 19:17:06 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.10.14 01:24:04 | 000,582,992 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbap.dll
[2012.10.14 01:24:03 | 000,415,056 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\SpursDownload.dll
[2012.10.14 01:24:02 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbte.dll
[2012.10.14 01:23:59 | 000,308,560 | ---- | M] () -- C:\WINDOWS\System32\vipre.dll
[2012.10.14 01:23:58 | 000,160,768 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
[2012.10.14 01:21:34 | 006,393,144 | ---- | M] (PC Antivirus Pro) -- C:\WINDOWS\uninstac.exe
[2012.10.08 23:28:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.08 23:28:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.03 20:29:49 | 000,004,298 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DriveCalculator Preferences
[2012.10.02 15:35:56 | 000,300,001 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Transaktionsdetails.pdf
[2012.10.02 15:24:42 | 000,488,881 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Formular Zollbenachrichtigung.pdf
[2012.10.01 16:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.27 17:41:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.10.27 17:41:25 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.10.27 17:36:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.10.27 17:36:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.10.27 17:36:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.10.27 17:36:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.10.27 17:36:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.10.14 19:17:06 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.10.14 01:23:59 | 000,308,560 | ---- | C] () -- C:\WINDOWS\System32\vipre.dll
[2012.10.14 01:23:58 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.10.02 15:35:53 | 000,300,001 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Transaktionsdetails.pdf
[2012.10.02 15:25:42 | 000,048,022 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Rechnung.pdf
[2012.10.02 15:24:37 | 000,488,881 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Formular Zollbenachrichtigung.pdf
[2012.08.31 09:37:41 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.10 15:58:22 | 000,004,298 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DriveCalculator Preferences
[2010.09.10 15:52:31 | 000,000,258 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PropCalc Preferences
[2010.01.20 12:08:50 | 000,003,346 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MNO.DAT
[2009.11.22 12:11:56 | 000,429,549 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mdbu.bin
[2009.05.15 15:27:03 | 000,000,080 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.03.28 15:20:08 | 000,004,395 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\hpothb07.tif
[2009.03.28 15:20:08 | 000,000,488 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\hpothb07.dat
[2009.02.18 15:49:24 | 000,000,257 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.tif
[2009.02.18 15:49:24 | 000,000,189 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.dat
[2009.02.14 16:44:57 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.rnd
 
========== ZeroAccess Check ==========
 
[2009.02.14 16:10:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 02:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\user\Desktop\Scannen.psd:SummaryInformation

< End of report >
         


OTL Logfile:
Code:
OTL Extras logfile created on: 29.10.2012 15:33:50 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\user\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 85,35% Memory free
11,07 Gb Paging File | 10,58 Gb Available in Paging File | 95,52% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 39,73 Gb Free Space | 40,68% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 321,18 Gb Free Space | 87,25% Space Free | Partition Type: NTFS
 
Computer Name: USERPC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller -- (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google Earth\Google Earth\client\googleearth.exe" = C:\Programme\Google Earth\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\aon\aonInstaller\Installer.exe" = C:\Programme\aon\aonInstaller\Installer.exe:*:Enabled:Breitband-Internet-Installation -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AF8333-27BE-35F1-B5B6-EBCD89F846AF}" = Catalyst Control Center Localization Spanish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in
"{0C5AA351-4C6B-8452-0DEB-DD9FFF4DB53F}" = CCC Help Chinese Standard
"{0D94B4A1-E09B-87B8-5FFD-6F720B5430BD}" = CCC Help French
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung)
"{0FA8B0C1-CBBD-5348-CA3F-B6EE90B7F186}" = Catalyst Control Center Graphics Light
"{137603DC-0050-D41D-DAEF-9CC1D6899B7B}" = Catalyst Control Center Localization Chinese Traditional
"{1A6570E5-D0C8-CEC5-C8AE-EE6EB1C72286}" = CCC Help German
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4547C5-F62E-BA06-17D7-37EDB842D0FA}" = CCC Help Korean
"{1FFB4E2F-60A9-4BC9-B04B-0CEB8E108232}" = Extentrix Endpoint Analysis Client 4.8
"{2191089C-FCB6-0DE1-8DFA-62481BA15887}" = CCC Help Polish
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{23DBDF71-1070-B12D-DE81-3DE82BD0EE0F}" = Catalyst Control Center Localization Japanese
"{260954A3-6960-C01E-6F40-1CE0A93BF626}" = Catalyst Control Center Localization German
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2822B2F8-1509-1CCC-D6B4-488085F4DB4F}" = CCC Help Finnish
"{29B36F38-1071-DE31-F13F-AB772EACB520}" = CCC Help Dutch
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB)
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{382B1538-6CF7-D096-0943-1CC4697BD96C}" = CCC Help Japanese
"{3972733B-D4D3-D199-94AC-ED8C897A5D77}" = CCC Help Swedish
"{434E3EEC-60B2-F0EF-41F7-2D2D18DC120E}" = CCC Help Norwegian
"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{48496AE8-7D00-419A-B131-A7593A4787BA}" = LAGO FS Falcon FS2004 version 2.00
"{497C2376-FB2E-C042-7AE0-143AED4D04FB}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6DF1FE-DA7B-9A5B-01AA-091314B3BFEE}" = Catalyst Control Center Graphics Full New
"{534FA2AB-C09D-F3F8-355B-74289B4A25B0}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B1172A6-1EF8-55B9-B6D1-E88DAF7461A0}" = Catalyst Control Center Localization Czech
"{5B1F1DF4-BBF7-A78C-8BE5-4F12A1964638}" = Skins
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5E2A655C-F4C2-CDE8-D463-78865149ABAF}" = Catalyst Control Center Graphics Full Existing
"{626C2AA3-7E89-5A04-F774-C0E016399765}" = Catalyst Control Center Localization Danish
"{687BE4C6-3F13-BB68-41D0-D2ACBE9657E4}" = Catalyst Control Center Localization Norwegian
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{7098EEF7-5B96-F14D-E07D-44169831FE89}" = ccc-core-preinstall
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79E2005B-4D5D-3C7A-D85A-21E24F693607}" = Catalyst Control Center Localization Greek
"{7D08B393-0FBF-F9D4-1EF0-7088B5A4FFE4}" = Catalyst Control Center Localization Dutch
"{88589E54-FDD1-9333-DED9-BCE0155E9241}" = ccc-utility
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{8B43AE66-21A4-1534-3804-E2E5B0B1B74B}" = Catalyst Control Center Localization Italian
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{98927BFC-813F-3A04-A75C-6E131E31F34D}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE22123-D4EE-4D3A-BE87-B5B2622537EF}" = Catalyst Control Center - Branding
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4C6B25C-F9C5-3AD8-AF30-260DF75C23D3}" = CCC Help Turkish
"{A8747D14-8760-1A5B-70C9-D30C3DC2E5C8}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV)
"{B582A79C-312D-3673-5A6C-54F3EE7CDDDA}" = Catalyst Control Center Localization Polish
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{BE88C27E-9418-D76D-BA11-D127932DD6A8}" = Catalyst Control Center Localization Russian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CA7048-1331-D216-8648-DE0AD1C2D2D2}" = Catalyst Control Center Localization Turkish
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C3020228-A899-0F93-1168-E9D8AFDB3755}" = Catalyst Control Center Localization Chinese Standard
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C67E3460-4EA6-C3B0-DA09-D2613FE52083}" = Catalyst Control Center Localization Swedish
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEFB064E-A177-1354-ECBE-2F752819F4F3}" = Catalyst Control Center Localization Hungarian
"{CEFFFB30-308B-B39C-E9D5-C804BB35F76D}" = CCC Help Russian
"{CFAF67D2-FD21-D3DE-E095-1CB4AF3D8DE4}" = ccc-core-static
"{D3BE386D-4A1F-D06B-51F3-B9C010FB60B7}" = Catalyst Control Center Localization Portuguese
"{D5B8CDB6-0F63-49BB-9E32-D0246BE90C8F}" = Duden Korrektor kompakt
"{D810B249-16C2-78C4-BC52-04333C4EEED4}" = CCC Help Greek
"{DAF37B83-F3A5-626F-B9E2-9B931B37C653}" = CCC Help Czech
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{E13CDA67-9248-54B4-127A-C1BE8FCF54AA}" = CCC Help Portuguese
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E6EA750D-733D-5CFB-FE09-FE9D2965870A}" = Catalyst Control Center Localization Finnish
"{E8A6BB83-F875-53E1-6BC4-EDD490B68988}" = CCC Help Chinese Traditional
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{E9D314E9-A0BE-3B0F-7301-86928C6CF336}" = CCC Help Hungarian
"{EA684ACD-4EE8-3ACE-9D2A-19B86C156DC0}" = Catalyst Control Center Localization Korean
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F166954A-2FBD-B21E-D823-C9072424B1B3}" = CCC Help Thai
"{F465A8CB-63C4-56FD-EE07-D176CEB333DA}" = CCC Help Danish
"{F54AD6C3-0E7D-8706-AACE-D42F889FC7FF}" = Catalyst Control Center Localization French
"{F706E9C5-7543-FE75-2B75-B46E56EEF062}" = CCC Help Italian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Controller" = Controller
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"Flight Simulator 7.0" = Microsoft Flight Simulator 2000
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FMS" = FMS
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Intelli-studio" = SAMSUNG Intelli-studio
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Suite" = PC Suite
"ST6UNST #1" = MFTech IntCon 2.3.52
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-682003330-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
"OnlineFestplatte" = aon Online Festplatte (entfernen)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.10.2012 10:48:01 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.10.2012 10:50:20 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.10.2012 11:31:41 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung PhotoshopElements.exe, Version 2.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.10.2012 11:41:08 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.10.2012 11:45:40 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.10.2012 13:29:54 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.10.2012 17:27:09 | Computer Name = USERPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung a2free.exe, Version 4.5.0.32, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.10.2012 17:42:20 | Computer Name = USERPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 27.10.2012 18:31:07 | Computer Name = USERPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 29.10.2012 07:44:11 | Computer Name = USERPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 28.10.2012 15:30:22 | Computer Name = USERPC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 28.10.2012 15:30:22 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 28.10.2012 15:43:07 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 28.10.2012 15:43:07 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 28.10.2012 15:45:28 | Computer Name = USERPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 29.10.2012 07:41:56 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 29.10.2012 07:41:56 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 29.10.2012 07:43:39 | Computer Name = USERPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 29.10.2012 07:44:20 | Computer Name = USERPC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 29.10.2012 07:44:20 | Computer Name = USERPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---

[/code]

31.10.2012, 14:34   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Windows 7 DVD is already on its way.
So are you planning to switch to Windows 7 now anyway?
__________________
Please always post log files in CODE tags

02.11.2012, 17:37   #39
hemisphere07

I guess I have no other choice. That way I can at least rule out a software problem.
At the moment, the screen freezes for 10 seconds while the computer is running, the fan revs up, and then everything works normally again. After 10 minutes the same thing happens again. The hard disk is rattling constantly. I have already tested the RAM modules individually, without success.
Thanks a lot for your help anyway - great forum!
