Log Analysis and Evaluation: Malwarebytes finds rootkit / redirection from Google to fresh-weather / Adobe Flash update
Windows 7
13.11.2012, 10:07 | #1
Malwarebytes finds rootkit / redirection from Google to fresh-weather / Adobe Flash update

Good morning! My PC has recently been showing strange signs of an infection. When I browse with Firefox and search for something on Google, I am from time to time redirected from the Google search result to some dubious sites, e.g. fresh-weather.com. In addition, a window keeps opening that tries to convince me that an error occurred while updating Adobe Flash Player. So I first ran Rkill and then Malwarebytes. After a scan, Malwarebytes finds an infected memory module, but best see for yourself:

Quote:
OTL Logfile:
Code:
OTL logfile created on: 12.11.2012 21:47:10 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1022,48 Mb Total Physical Memory | 558,86 Mb Available Physical Memory | 54,66% Memory free
2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,34 Gb Total Space | 0,64 Gb Free Space | 1,66% Space Free | Partition Type: NTFS

Computer Name: HANS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.12 21:23:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.12.23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
PRC - [2011.03.28 16:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.08.13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.25 22:14:30 | 000,937,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.04.14 04:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 04:00:00 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2007.08.23 18:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2007.08.23 18:36:30 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
PRC - [2007.06.27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
PRC - [2007.06.27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.25 09:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007.06.25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.06.25 09:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCD.exe
PRC - [2006.02.17 11:40:18 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2006.02.17 11:39:02 | 000,139,264 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006.02.17 11:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006.02.17 11:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006.02.17 11:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.01 20:23:08 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2011.12.31 19:18:46 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.10.11 21:31:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.11 21:31:27 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.11 21:31:16 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.11 21:29:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.11 21:28:52 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009.12.09 22:20:06 | 000,126,976 | ---- | M] () -- C:\Programme\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009.06.16 00:16:27 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.16 00:16:25 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.15 21:40:39 | 001,679,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2977.39104__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:39 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2977.39285__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:39 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2977.39309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:39 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2977.39064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:39 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2977.39118__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2977.39300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2977.39263__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2977.39097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:39 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2977.39217__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2977.39084__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:38 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2977.39334__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:24 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2977.39271__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:24 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2977.39340__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:24 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2977.39111__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:24 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2977.39277__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:24 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2977.39076__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2977.39270__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2977.39110__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:23 | 000,442,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2977.39361__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:23 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2977.39361__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:22 | 000,802,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2977.39227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:22 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2977.39292__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.06.15 21:40:22 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2977.39124__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:22 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:21 | 000,901,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2977.39302__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2977.39265__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2977.39131__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2977.39219__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,442,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2977.39211__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2977.39085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2977.39244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.06.15 21:40:21 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2977.39218__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2977.39137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:21 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2977.39243__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:21 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2977.39255__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.06.15 21:40:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.06.15 21:40:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.06.15 21:40:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.06.15 21:40:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.06.15 21:40:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.06.15 21:40:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.06.15 21:40:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.06.15 21:40:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.06.15 21:40:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009.06.15 21:40:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.06.15 21:40:20 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.06.15 21:40:19 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.06.15 21:40:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.06.15 21:40:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.06.15 21:40:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.06.15 21:40:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.06.15 21:40:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.06.15 21:40:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.06.15 21:40:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.06.15 21:40:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.06.15 21:40:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.06.15 21:40:14 | 000,005,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2977.39315_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2009.06.15 21:40:13 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2977.39091__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.06.15 21:40:13 | 000,413,696 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2977.39315__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.06.15 21:40:13 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2977.39324__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.06.15 21:40:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2977.39322__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.06.15 21:40:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.06.15 21:40:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2977.39353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.06.15 21:40:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.06.15 21:40:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.06.15 21:40:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.06.15 21:40:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.06.15 21:40:13 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2977.39364__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.06.15 21:40:13 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.06.15 21:40:12 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2977.39071__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.06.15 21:40:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.06.15 21:40:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2977.39057__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.06.15 21:40:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2977.39055__90ba9c70f846762e\APM.Server.dll
MOD - [2009.06.15 21:40:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.06.15 21:40:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2977.39055__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.06.15 21:40:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.06.15 21:40:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2977.39323__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.06.15 21:40:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.06.15 21:40:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.06.15 21:40:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.04.14 04:00:00 | 002,981,888 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\xpsp2res.dll
MOD - [2008.04.14 04:00:00 | 000,119,296 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\NTMARTA.DLL
MOD - [2008.04.14 04:00:00 | 000,064,000 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\SAMLIB.dll
MOD - [2008.04.14 04:00:00 | 000,050,688 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\smss.exe
MOD - [2008.04.14 04:00:00 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
MOD - [2007.08.14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll
MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll
MOD - [2007.07.12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Programme\Realtek\11n USB Wireless LAN Utility\acAuth.dll
MOD - [2006.02.17 11:39:02 | 000,139,264 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2006.02.17 11:17:08 | 000,876,544 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006.02.17 11:17:08 | 000,159,744 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006.02.17 11:17:08 | 000,024,691 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2005.01.06 19:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (wuolservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525bus.dll -- (w810bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rnadiagreceiver.dll -- (uleadburninghelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcods.dll -- (SlNtHal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ifxtcs.dll -- (pdlndlpb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z800mgmt.dll -- (ltmodem5)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\omnidrv.dll -- (filterservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lpds.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMWLNPF.dll -- (CVPNDRVA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmXlCore.dll -- (cltnetcnservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flpydisk.dll -- (BTSLBCSP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcmscsvc.dll -- (amdk77)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MaxtorFrontPanel1.dll -- (agnwifi)
SRV - [2012.11.12 20:34:14 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.07.19 14:06:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.09.15 17:40:39 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.28 16:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.08.13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.29 22:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.08.20 10:54:55 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.04.14 04:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\USBVCD.dll -- (veteboot)
SRV - [2007.08.23 18:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.06.27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.06.25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.02.17 11:39:02 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2006.02.17 11:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006.02.17 11:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006.02.17 11:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\qsvhiy.sys -- (tpibpni)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\cbgwr.sys -- (kgjupb)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010.03.10 12:28:40 | 000,602,912 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.03.02 13:52:08 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 13:52:08 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 13:52:08 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.11.10 12:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.11.10 12:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 12:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.09.16 17:43:51 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.09.16 17:43:50 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.05.02 11:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.02.26 06:51:42 | 002,863,616 | ---- | M] (ATI Technologies Inc.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007.06.25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.06.25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.06.25 09:47:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007.06.25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2006.12.28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2006.11.15 07:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.10.30 04:31:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2006.04.24 18:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2006.02.17 12:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.02.17 12:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006.02.07 12:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO) DRV - [2004.08.12 09:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.at IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.at IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.at IE 
- HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.at IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.backup.ftp: "proxy.aon.at" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "proxy.aon.at" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "proxy.aon.at" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "proxy.aon.at" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.aon.at" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.aon.at" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.aon.at" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 14:06:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.16 11:30:48 | 000,000,000 | ---D | M] [2009.06.23 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.10.25 16:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions [2010.04.28 16:16:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 17:34:28 | 000,075,799 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2011.12.08 16:33:25 | 000,061,705 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012.01.18 13:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.18 13:53:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla 
Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2009.06.27 17:33:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.07.19 14:06:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.20 13:19:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.20 13:19:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.20 13:19:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 13:19:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 13:19:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 13:19:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe () O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation) O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-823518204-113007714-1417001333-1003..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-823518204-113007714-1417001333-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-823518204-113007714-1417001333-1003..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f File not found O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Programme\Realtek\11n USB Wireless LAN 
Utility\RtWLan.exe (Realtek Semiconductor Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Verknüpfungsziel 
in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - 
C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\Bonjour\mdnsNSP.dll File not found O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4902E8F0-EFE8-4276-9B21-35F94F5CB11D}: NameServer = 195.3.96.67,195.3.96.68 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.15 19:22:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 21:49:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.10.28 22:34:46 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.10.25 23:08:04 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe [2012.10.25 22:52:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.10.24 01:45:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.12 21:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job [2012.11.12 21:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job [2012.11.12 21:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.12 21:45:31 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd [2012.11.12 21:45:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.12 21:34:08 | 000,302,592 | ---- | M] () -- C:\Dokumente und 
Einstellungen\***\Desktop\dvoum6yj.exe [2012.11.12 21:23:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.11.12 21:02:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.11.12 21:01:51 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2012.11.12 20:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job [2012.11.12 20:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job [2012.11.12 20:43:35 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2012.11.12 19:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job [2012.11.12 19:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job [2012.11.09 00:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2012.11.09 00:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2012.11.08 23:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job [2012.11.08 23:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job [2012.11.08 22:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job [2012.11.08 22:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job [2012.11.06 18:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job [2012.11.06 18:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job [2012.11.06 17:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job [2012.11.06 17:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job [2012.11.06 17:04:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.11.06 16:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job [2012.11.06 16:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job [2012.11.06 10:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2012.11.06 10:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job 
[2012.11.06 04:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2012.11.06 04:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2012.11.06 03:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2012.11.06 03:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2012.11.06 02:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2012.11.06 02:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2012.11.06 01:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2012.11.06 01:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2012.11.05 09:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2012.11.05 09:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2012.10.30 15:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job [2012.10.30 15:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job [2012.10.28 17:32:25 | 000,520,666 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 17:32:25 | 000,496,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 17:32:25 | 000,102,196 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 17:32:25 | 000,085,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.28 14:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job [2012.10.28 14:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job [2012.10.28 13:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job [2012.10.28 13:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job [2012.10.28 12:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job [2012.10.28 12:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job [2012.10.28 11:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2012.10.28 11:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2012.10.28 08:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job 
[2012.10.28 08:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2012.10.28 07:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2012.10.28 07:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2012.10.28 06:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2012.10.28 06:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2012.10.28 05:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2012.10.28 05:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2012.10.25 23:38:19 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.25 23:38:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.10.25 23:08:09 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe [2012.10.25 23:05:00 | 000,538,941 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.10.25 18:58:36 | 000,000,651 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.12 21:34:08 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\dvoum6yj.exe [2012.11.12 21:02:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.11.12 20:43:35 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2012.10.25 23:04:59 | 000,538,941 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.02.16 11:33:17 | 000,001,563 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2012.02.01 14:54:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\1rcOE7.com.d [2012.01.26 15:26:51 | 
000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\075GMAU.dat [2012.01.25 11:44:34 | 000,008,752 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\6186f58 [2012.01.25 11:44:34 | 000,008,738 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ff90fc39 [2011.09.16 20:56:17 | 000,694,334 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-113007714-1417001333-1003-0.dat [2011.09.15 18:18:05 | 000,326,842 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.09.15 17:41:53 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc [2011.09.14 17:43:10 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011.09.14 17:40:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2010.10.17 16:27:01 | 000,463,336 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.15 10:15:27 | 000,022,662 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Expert2.lst [2010.04.15 10:15:25 | 000,000,100 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Expert2.prf [2010.04.15 10:15:24 | 000,004,836 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Expert2.dic [2009.12.06 19:13:30 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2009.10.24 12:14:42 | 000,011,088 | ---- | C] () -- C:\Dokumente und Einstellungen\***\gsview32.ini [2009.06.20 18:21:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.gtkrc-2.0 [2009.06.16 19:42:11 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.15 22:49:00 | 000,000,042 
| ---- | C] () -- C:\Dokumente und Einstellungen\***\default.pls ========== ZeroAccess Check ========== [2009.06.15 21:36:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.29 05:33:23 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.03.27 22:31:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.# [2009.10.26 16:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ebner [2010.07.27 19:21:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EPSON [2010.07.05 13:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2009.08.22 10:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IrfanView [2009.07.01 18:17:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\4D [2011.09.15 17:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2009.10.28 08:11:07 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2012.06.16 15:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\inka software [2009.06.15 22:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2011.05.14 23:14:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at [2010.09.23 19:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ORCA AVA [2009.12.30 21:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.09.18 19:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.03.08 10:15:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.06.23 18:40:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011.05.14 23:12:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{92809A0D-A823-4253-90B2-7D5F59F20E10} [2009.07.01 14:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\.purple [2010.09.21 14:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.10.26 21:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Ebner [2009.10.07 12:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\EPSON [2012.10.25 22:52:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.purple [2011.09.15 17:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2009.09.01 09:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\EPSON [2012.02.16 10:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2012.06.16 15:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inka software [2011.08.07 17:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IrfanView [2010.04.30 21:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2012.02.01 14:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\PriceGong ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB19265$] -> Error: Cannot create file handle -> Unknown point type < End of report >
After that I let GMER run overnight. GMER also found a rootkit, but unfortunately I could not save GMER's log: strange error messages appeared, or the PC hung. Does anyone have tips on how I could solve the problem? Many thanks in advance, Tegetthoff |
13.11.2012, 14:53 | #2 | |
/// TB-Ausbilder | Malwarebytes finds rootkit/redirection from Google to fresh-weather/Adobe Flash Update
I will help you with your problem. A cleanup can involve a lot of work for you (and for me). Before we start, I have some reading material for you.
Step 1: Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop and start it:
Step 2: Scan with aswMBR
Step 3: Scan with the TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report.
15.11.2012, 10:58 | #3 |
| Malwarebytes finds rootkit/redirection from Google to fresh-weather/Adobe Flash Update Hello!
Thank you for your help. I have followed your instructions and am posting the logs right here below: defogger_disable.txt: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:56 on 15/11/2012 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-15 10:00:18 ----------------------------- 10:00:18.015 OS Version: Windows 5.1.2600 Service Pack 3 10:00:18.015 Number of processors: 2 586 0x1706 10:00:18.015 ComputerName: HANS UserName: 10:00:19.421 Initialize success 10:04:07.984 AVAST engine defs: 12111500 10:04:32.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-17 10:04:32.437 Disk 0 Vendor: ExcelStor_Technology_J340 V22OA63A Size: 39266MB BusType: 3 10:04:32.468 Disk 0 MBR read successfully 10:04:32.468 Disk 0 MBR scan 10:04:32.562 Disk 0 Windows XP default MBR code 10:04:32.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39264 MB offset 2048 10:04:32.578 Disk 0 scanning sectors +80414720 10:04:32.640 Disk 0 scanning C:\WINDOWS\system32\drivers 10:04:37.218 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk] 10:04:42.765 Disk 0 trace - called modules: 10:04:42.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xae16eff0]<< 10:04:42.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f59ab8] 10:04:42.781 3 CLASSPNP.SYS[f7680fd7] -> nt!IofCallDriver -> [0x86cb01b0] 10:04:42.796 \Driver\00002263[0x85fb8d08] -> IRP_MJ_CREATE -> 0xae16eff0 10:04:46.468 AVAST engine scan C:\WINDOWS 10:05:16.078 AVAST engine scan C:\WINDOWS\system32 10:07:51.140 File: C:\WINDOWS\system32\USBVCD.dll **INFECTED** Win32:Sirefef-SM [Trj] 10:12:03.281 AVAST engine scan C:\WINDOWS\system32\drivers 10:12:10.546 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk] 10:12:22.640 AVAST engine scan C:\Dokumente und Einstellungen\*** 10:13:55.109 File: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\sessionstore.js **SUSPICIOUS** 10:31:45.281 AVAST engine scan C:\Dokumente und Einstellungen\All Users 10:37:13.828 Scan finished successfully 10:42:08.328 Disk 0 MBR has been saved successfully to "C:\Dokumente und 
Einstellungen\***\Desktop\MBR.dat" 10:42:08.390 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt" Code:
ATTFilter 10:44:25.0531 10664 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 10:44:27.0546 10664 ============================================================ 10:44:27.0546 10664 Current date / time: 2012/11/15 10:44:27.0546 10:44:27.0546 10664 SystemInfo: 10:44:27.0546 10664 10:44:27.0546 10664 OS Version: 5.1.2600 ServicePack: 3.0 10:44:27.0546 10664 Product type: Workstation 10:44:27.0546 10664 ComputerName: HANS 10:44:27.0546 10664 UserName: *** 10:44:27.0546 10664 Windows directory: C:\WINDOWS 10:44:27.0546 10664 System windows directory: C:\WINDOWS 10:44:27.0546 10664 Processor architecture: Intel x86 10:44:27.0546 10664 Number of processors: 2 10:44:27.0546 10664 Page size: 0x1000 10:44:27.0546 10664 Boot type: Normal boot 10:44:27.0546 10664 ============================================================ 10:44:29.0375 10664 Drive \Device\Harddisk0\DR0 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 10:44:29.0375 10664 ============================================================ 10:44:29.0375 10664 \Device\Harddisk0\DR0: 10:44:29.0375 10664 MBR partitions: 10:44:29.0375 10664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4CB0000 10:44:29.0375 10664 ============================================================ 10:44:29.0390 10664 C: <-> \Device\Harddisk0\DR0\Partition1 10:44:29.0406 10664 ============================================================ 10:44:29.0406 10664 Initialize success 10:44:29.0406 10664 ============================================================ 10:44:47.0687 11016 ============================================================ 10:44:47.0687 11016 Scan started 10:44:47.0687 11016 Mode: Manual; TDLFS; 10:44:47.0687 11016 ============================================================ 10:44:49.0343 11016 ================ Scan system memory ======================== 10:44:49.0343 11016 System memory - ok 
10:44:49.0343 11016 ================ Scan services ============================= 10:44:49.0437 11016 Abiosdsk - ok 10:44:49.0437 11016 abp480n5 - ok 10:44:49.0484 11016 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:44:49.0484 11016 ACPI - ok 10:44:49.0500 11016 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 10:44:49.0500 11016 ACPIEC - ok 10:44:49.0562 11016 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe 10:44:49.0578 11016 Adobe LM Service - ok 10:44:49.0578 11016 adpu160m - ok 10:44:49.0593 11016 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 10:44:49.0625 11016 aec - ok 10:44:49.0640 11016 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 10:44:49.0640 11016 AegisP - ok 10:44:49.0687 11016 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 10:44:49.0703 11016 AFD - ok 10:44:49.0703 11016 agnwifi - ok 10:44:49.0703 11016 Aha154x - ok 10:44:49.0703 11016 aic78u2 - ok 10:44:49.0718 11016 aic78xx - ok 10:44:50.0187 11016 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll 10:44:50.0187 11016 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll. 
md5: B9B98E08EC127900025F42462D3D0A66 10:44:50.0203 11016 Akamai ( HiddenFile.Multi.Generic ) - warning 10:44:50.0203 11016 Akamai - detected HiddenFile.Multi.Generic (1) 10:44:50.0234 11016 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 10:44:50.0250 11016 Alerter - ok 10:44:50.0265 11016 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 10:44:50.0265 11016 ALG - ok 10:44:50.0281 11016 AliIde - ok 10:44:50.0281 11016 amdk77 - ok 10:44:50.0296 11016 amsint - ok 10:44:50.0359 11016 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:44:50.0359 11016 Apple Mobile Device - ok 10:44:50.0437 11016 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 10:44:50.0437 11016 AppMgmt - ok 10:44:50.0453 11016 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 10:44:50.0453 11016 Arp1394 - ok 10:44:50.0468 11016 asc - ok 10:44:50.0468 11016 asc3350p - ok 10:44:50.0484 11016 asc3550 - ok 10:44:50.0546 11016 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 10:44:50.0562 11016 aspnet_state - ok 10:44:50.0578 11016 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:44:50.0578 11016 AsyncMac - ok 10:44:50.0609 11016 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 10:44:50.0609 11016 atapi - ok 10:44:50.0640 11016 Atdisk - ok 10:44:50.0687 11016 [ C49A64D70DD96F1A511F2D2BADFB924F ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 10:44:50.0687 11016 Ati HotKey Poller - ok 10:44:50.0718 11016 [ FDC4B0D5E8D477C75D962F395C3A25F0 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe 10:44:50.0734 11016 ATI Smart - ok 10:44:50.0890 11016 [ 4F1D98C5FAA232D89F479AA2F6EF4196 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 10:44:50.0984 11016 ati2mtag - ok 
10:44:51.0031 11016 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys 10:44:51.0046 11016 atksgt - ok 10:44:51.0078 11016 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:44:51.0078 11016 Atmarpc - ok 10:44:51.0093 11016 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 10:44:51.0093 11016 AudioSrv - ok 10:44:51.0125 11016 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 10:44:51.0125 11016 audstub - ok 10:44:51.0187 11016 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe 10:44:51.0187 11016 Autodesk Content Service - ok 10:44:51.0218 11016 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 10:44:51.0234 11016 Beep - ok 10:44:51.0265 11016 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 10:44:51.0453 11016 BITS - ok 10:44:51.0609 11016 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 10:44:51.0640 11016 Bonjour Service - ok 10:44:51.0671 11016 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 10:44:51.0671 11016 Browser - ok 10:44:51.0687 11016 BTSLBCSP - ok 10:44:51.0718 11016 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 10:44:51.0718 11016 cbidf2k - ok 10:44:51.0718 11016 cd20xrnt - ok 10:44:51.0734 11016 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 10:44:51.0734 11016 Cdaudio - ok 10:44:51.0765 11016 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 10:44:51.0781 11016 Cdfs - ok 10:44:51.0796 11016 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:44:51.0796 11016 Cdrom - ok 10:44:51.0812 11016 Changer - ok 10:44:51.0828 11016 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc 
C:\WINDOWS\system32\cisvc.exe 10:44:51.0828 11016 CiSvc - ok 10:44:51.0843 11016 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 10:44:51.0843 11016 ClipSrv - ok 10:44:51.0890 11016 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:44:51.0984 11016 clr_optimization_v2.0.50727_32 - ok 10:44:52.0015 11016 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:44:52.0109 11016 clr_optimization_v4.0.30319_32 - ok 10:44:52.0125 11016 cltnetcnservice - ok 10:44:52.0125 11016 CmdIde - ok 10:44:52.0140 11016 COMSysApp - ok 10:44:52.0156 11016 Cpqarray - ok 10:44:52.0187 11016 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 10:44:52.0187 11016 CryptSvc - ok 10:44:52.0187 11016 CVPNDRVA - ok 10:44:52.0203 11016 dac2w2k - ok 10:44:52.0218 11016 dac960nt - ok 10:44:52.0234 11016 DCamUSBSQTECH - ok 10:44:52.0265 11016 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 10:44:52.0281 11016 DcomLaunch - ok 10:44:52.0296 11016 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 10:44:52.0312 11016 Dhcp - ok 10:44:52.0328 11016 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 10:44:52.0328 11016 Disk - ok 10:44:52.0328 11016 dmadmin - ok 10:44:52.0421 11016 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 10:44:52.0437 11016 dmboot - ok 10:44:52.0453 11016 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 10:44:52.0468 11016 dmio - ok 10:44:52.0468 11016 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 10:44:52.0468 11016 dmload - ok 10:44:52.0500 11016 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 10:44:52.0500 11016 dmserver - ok 10:44:52.0531 11016 [ 
8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 10:44:52.0531 11016 DMusic - ok 10:44:52.0562 11016 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 10:44:52.0562 11016 Dnscache - ok 10:44:52.0593 11016 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 10:44:52.0609 11016 Dot3svc - ok 10:44:52.0625 11016 dpti2o - ok 10:44:52.0640 11016 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 10:44:52.0640 11016 drmkaud - ok 10:44:52.0687 11016 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 10:44:52.0703 11016 EapHost - ok 10:44:52.0703 11016 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 10:44:52.0703 11016 ERSvc - ok 10:44:52.0734 11016 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 10:44:52.0750 11016 Eventlog - ok 10:44:52.0781 11016 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 10:44:52.0781 11016 EventSystem - ok 10:44:52.0859 11016 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 10:44:52.0859 11016 Fastfat - ok 10:44:52.0906 11016 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 10:44:52.0921 11016 FastUserSwitchingCompatibility - ok 10:44:52.0937 11016 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 10:44:52.0937 11016 Fdc - ok 10:44:52.0953 11016 filterservice - ok 10:44:52.0953 11016 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 10:44:52.0953 11016 Fips - ok 10:44:53.0031 11016 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 10:44:53.0046 11016 FLEXnet Licensing Service - ok 10:44:53.0062 11016 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk 
C:\WINDOWS\system32\DRIVERS\flpydisk.sys 10:44:53.0062 11016 Flpydisk - ok 10:44:53.0140 11016 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 10:44:53.0140 11016 FltMgr - ok 10:44:53.0203 11016 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 10:44:53.0312 11016 FontCache3.0.0.0 - ok 10:44:53.0390 11016 [ A6F98D7FB17477E6EC99538223B54DAA ] ForceWare Intelligent Application Manager (IAM) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe 10:44:53.0390 11016 ForceWare Intelligent Application Manager (IAM) - ok 10:44:53.0406 11016 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 10:44:53.0406 11016 ForcewareWebInterface - ok 10:44:53.0421 11016 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:44:53.0421 11016 Fs_Rec - ok 10:44:53.0453 11016 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:44:53.0468 11016 Ftdisk - ok 10:44:53.0546 11016 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 10:44:53.0546 11016 GEARAspiWDM - ok 10:44:53.0562 11016 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:44:53.0750 11016 Gpc - ok 10:44:53.0812 11016 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys 10:44:53.0859 11016 hamachi - ok 10:44:53.0953 11016 [ 4480BF01193E88DDB466092D6532865C ] Hamachi2Svc C:\Programme\LogMeIn Hamachi\hamachi-2.exe 10:44:54.0031 11016 Hamachi2Svc - ok 10:44:54.0062 11016 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys 10:44:54.0062 11016 HdAudAddService - ok 10:44:54.0093 11016 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:44:54.0093 11016 HDAudBus - ok 
10:44:54.0125 11016 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 10:44:54.0125 11016 helpsvc - ok 10:44:54.0140 11016 HidServ - ok 10:44:54.0187 11016 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:44:54.0187 11016 HidUsb - ok 10:44:54.0218 11016 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 10:44:54.0218 11016 hkmsvc - ok 10:44:54.0218 11016 hpn - ok 10:44:54.0281 11016 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 10:44:54.0281 11016 HTTP - ok 10:44:54.0312 11016 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 10:44:54.0312 11016 HTTPFilter - ok 10:44:54.0343 11016 i2omgmt - ok 10:44:54.0343 11016 i2omp - ok 10:44:54.0390 11016 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 10:44:54.0406 11016 i8042prt - ok 10:44:54.0468 11016 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 10:44:54.0468 11016 IDriverT - ok 10:44:54.0562 11016 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:44:54.0578 11016 idsvc - ok 10:44:54.0609 11016 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 10:44:54.0609 11016 Imapi - ok 10:44:54.0640 11016 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 10:44:54.0640 11016 ImapiService - ok 10:44:54.0671 11016 [ 580A81790CD0A48D85DA322267DA7AC4 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys 10:44:54.0671 11016 InCDfs - ok 10:44:54.0687 11016 [ AAA2789D2CE21B31BE9406BA1CEB7285 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys 10:44:54.0687 11016 InCDPass - ok 10:44:54.0703 11016 [ 4D022577E9072B5D22E0A383A7806BBB ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys 10:44:54.0703 11016 InCDrec - ok 10:44:54.0718 11016 
[ C258E57321A3C3737F4FA815FA69EE0B ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys 10:44:54.0718 11016 incdrm - ok 10:44:54.0937 11016 [ 9792B85E32E058CD6A43DB274BA47D57 ] InCDsrv C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe 10:44:55.0000 11016 InCDsrv - ok 10:44:55.0015 11016 ini910u - ok 10:44:55.0343 11016 [ 60D7460B07012D364CED11DD9FD83E1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 10:44:55.0671 11016 IntcAzAudAddService - ok 10:44:55.0687 11016 IntelIde - ok 10:44:55.0703 11016 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 10:44:55.0703 11016 intelppm - ok 10:44:55.0718 11016 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 10:44:55.0718 11016 Ip6Fw - ok 10:44:55.0750 11016 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:44:55.0750 11016 IpFilterDriver - ok 10:44:55.0796 11016 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:44:55.0796 11016 IpInIp - ok 10:44:55.0875 11016 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:44:55.0875 11016 IpNat - ok 10:44:55.0937 11016 [ DCB3796E0169419618C72F0CE34C68ED ] iPod Service C:\Programme\iPod\bin\iPodService.exe 10:44:55.0968 11016 iPod Service - ok 10:44:56.0000 11016 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:44:56.0000 11016 IPSec - ok 10:44:56.0015 11016 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 10:44:56.0015 11016 IRENUM - ok 10:44:56.0031 11016 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:44:56.0031 11016 isapnp - ok 10:44:56.0125 11016 [ 44FFBA62F0F426B581759C49AAFEC2E2 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 10:44:56.0125 11016 JavaQuickStarterService - ok 10:44:56.0171 11016 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys 
10:44:56.0171 11016 JGOGO - ok 10:44:56.0171 11016 [ F4A31E66A61C0783F51157519B03280B ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys 10:44:56.0171 11016 JRAID - ok 10:44:56.0203 11016 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:44:56.0203 11016 Kbdclass - ok 10:44:56.0218 11016 kgjupb - ok 10:44:56.0250 11016 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 10:44:56.0250 11016 kmixer - ok 10:44:56.0296 11016 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 10:44:56.0296 11016 KSecDD - ok 10:44:56.0328 11016 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 10:44:56.0328 11016 LanmanServer - ok 10:44:56.0359 11016 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 10:44:56.0359 11016 lanmanworkstation - ok 10:44:56.0359 11016 lbrtfdc - ok 10:44:56.0500 11016 [ A15A462F3BBB68974419B7158F4B3647 ] LBTServ C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe 10:44:56.0531 11016 LBTServ - ok 10:44:56.0546 11016 [ F5E165B4E3DF145F6E8BF3C0573F94D8 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 10:44:56.0562 11016 LHidFilt - ok 10:44:56.0609 11016 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 10:44:56.0609 11016 LightScribeService - ok 10:44:56.0640 11016 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys 10:44:56.0640 11016 lirsgt - ok 10:44:56.0687 11016 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 10:44:56.0687 11016 LmHosts - ok 10:44:56.0734 11016 [ B46E39B8AE439D7CE75A923E7F950040 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 10:44:56.0734 11016 LMouFilt - ok 10:44:56.0734 11016 ltmodem5 - ok 10:44:56.0765 11016 [ 9BBD8674C1D3811B851C8CF8A8E30E2C ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 10:44:56.0843 11016 LUsbFilt - ok 10:44:57.0031 
11016 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys 10:44:57.0031 11016 massfilter - ok 10:44:57.0062 11016 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 10:44:57.0062 11016 Messenger - ok 10:44:57.0203 11016 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 10:44:57.0250 11016 Microsoft Office Groove Audit Service - ok 10:44:57.0281 11016 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 10:44:57.0281 11016 mnmdd - ok 10:44:57.0312 11016 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 10:44:57.0312 11016 mnmsrvc - ok 10:44:57.0328 11016 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 10:44:57.0328 11016 Modem - ok 10:44:57.0343 11016 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:44:57.0343 11016 Mouclass - ok 10:44:57.0359 11016 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:44:57.0359 11016 mouhid - ok 10:44:57.0390 11016 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 10:44:57.0390 11016 MountMgr - ok 10:44:57.0453 11016 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 10:44:57.0453 11016 MozillaMaintenance - ok 10:44:57.0468 11016 mraid35x - ok 10:44:57.0484 11016 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:44:57.0484 11016 MRxDAV - ok 10:44:57.0515 11016 [ 7A86FF971CD7FD13DEC878225D2D16E4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:44:57.0531 11016 MRxSmb ( Virus.Win32.ZAccess.l ) - infected 10:44:57.0531 11016 MRxSmb - detected Virus.Win32.ZAccess.l (0) 10:44:57.0546 11016 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 10:44:57.0546 11016 MSDTC 
- ok 10:44:57.0609 11016 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 10:44:57.0609 11016 Msfs - ok 10:44:57.0609 11016 MSIServer - ok 10:44:57.0625 11016 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:44:57.0625 11016 MSKSSRV - ok 10:44:57.0625 11016 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:44:57.0640 11016 MSPCLOCK - ok 10:44:57.0640 11016 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 10:44:57.0640 11016 MSPQM - ok 10:44:57.0656 11016 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:44:57.0656 11016 mssmbios - ok 10:44:57.0703 11016 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 10:44:57.0703 11016 MTsensor - ok 10:44:57.0765 11016 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 10:44:57.0796 11016 Mup - ok 10:44:57.0906 11016 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 10:44:58.0265 11016 napagent - ok 10:44:58.0390 11016 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe 10:44:58.0625 11016 NBService - ok 10:44:58.0640 11016 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 10:44:58.0656 11016 NDIS - ok 10:44:58.0703 11016 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:44:58.0703 11016 NdisTapi - ok 10:44:58.0734 11016 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:44:58.0734 11016 Ndisuio - ok 10:44:58.0750 11016 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:44:58.0765 11016 NdisWan - ok 10:44:58.0781 11016 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 10:44:58.0781 11016 NDProxy - ok 10:44:58.0796 11016 [ 
5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 10:44:58.0812 11016 NetBIOS - ok 10:44:58.0828 11016 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 10:44:58.0828 11016 NetBT - ok 10:44:58.0875 11016 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 10:44:58.0890 11016 NetDDE - ok 10:44:58.0890 11016 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 10:44:58.0906 11016 NetDDEdsdm - ok 10:44:58.0968 11016 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 10:44:58.0984 11016 Netlogon - ok 10:44:59.0078 11016 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 10:44:59.0078 11016 Netman - ok 10:44:59.0109 11016 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 10:44:59.0156 11016 NetTcpPortSharing - ok 10:44:59.0187 11016 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 10:44:59.0187 11016 NIC1394 - ok 10:44:59.0203 11016 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 10:44:59.0218 11016 Nla - ok 10:44:59.0265 11016 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe 10:44:59.0265 11016 NMIndexingService - ok 10:44:59.0296 11016 [ C82F4CC10AD315B6D6BCB14D0A7CAD66 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 10:44:59.0296 11016 nmwcd - ok 10:44:59.0312 11016 [ 60EF5F5621D7832F00A3F190A0C905E2 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys 10:44:59.0312 11016 nmwcdc - ok 10:44:59.0328 11016 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 10:44:59.0328 11016 Npfs - ok 10:44:59.0343 11016 [ C98168642B15B5EC4AF116E4C30C8BAF ] nSvcIp C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe 10:44:59.0343 11016 nSvcIp - ok 10:44:59.0375 11016 [ 
381A4EDAC8C5D4327E27387686087A99 ] nSvcLog C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 10:44:59.0375 11016 nSvcLog - ok 10:44:59.0421 11016 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 10:44:59.0453 11016 Ntfs - ok 10:44:59.0468 11016 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 10:44:59.0468 11016 NtLmSsp - ok 10:44:59.0500 11016 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 10:44:59.0531 11016 NtmsSvc - ok 10:44:59.0546 11016 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 10:44:59.0546 11016 Null - ok 10:44:59.0593 11016 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys 10:44:59.0593 11016 nvata - ok 10:44:59.0593 11016 [ B9333604527E02CD2223F200C0BAE7E0 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 10:44:59.0609 11016 NVENETFD - ok 10:44:59.0609 11016 [ 5E9E55F7EE644C7C5FD78A206FBE37AB ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 10:44:59.0609 11016 nvnetbus - ok 10:44:59.0640 11016 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:44:59.0640 11016 NwlnkFlt - ok 10:44:59.0656 11016 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:44:59.0656 11016 NwlnkFwd - ok 10:44:59.0734 11016 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 10:44:59.0750 11016 odserv - ok 10:44:59.0765 11016 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 10:44:59.0765 11016 ohci1394 - ok 10:44:59.0796 11016 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 10:44:59.0812 11016 ose - ok 10:44:59.0828 11016 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 10:44:59.0843 11016 Parport - ok 10:44:59.0859 11016 [ 
BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 10:44:59.0859 11016 PartMgr - ok 10:44:59.0890 11016 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 10:44:59.0890 11016 ParVdm - ok 10:44:59.0906 11016 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 10:44:59.0906 11016 PCI - ok 10:44:59.0906 11016 PCIDump - ok 10:44:59.0937 11016 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 10:44:59.0968 11016 PCIIde - ok 10:45:00.0046 11016 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 10:45:00.0046 11016 Pcmcia - ok 10:45:00.0062 11016 PDCOMP - ok 10:45:00.0078 11016 PDFRAME - ok 10:45:00.0078 11016 pdlndlpb - ok 10:45:00.0093 11016 PDRELI - ok 10:45:00.0109 11016 PDRFRAME - ok 10:45:00.0109 11016 perc2 - ok 10:45:00.0125 11016 perc2hib - ok 10:45:00.0156 11016 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 10:45:00.0171 11016 PlugPlay - ok 10:45:00.0187 11016 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 10:45:00.0187 11016 PolicyAgent - ok 10:45:00.0203 11016 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:45:00.0203 11016 PptpMiniport - ok 10:45:00.0203 11016 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 10:45:00.0203 11016 ProtectedStorage - ok 10:45:00.0234 11016 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 10:45:00.0234 11016 PSched - ok 10:45:00.0250 11016 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:45:00.0250 11016 Ptilink - ok 10:45:00.0265 11016 ql1080 - ok 10:45:00.0265 11016 Ql10wnt - ok 10:45:00.0281 11016 ql12160 - ok 10:45:00.0296 11016 ql1240 - ok 10:45:00.0312 11016 ql1280 - ok 10:45:00.0328 11016 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd 
C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:45:00.0328 11016 RasAcd - ok 10:45:00.0343 11016 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 10:45:00.0359 11016 RasAuto - ok 10:45:00.0375 11016 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:45:00.0375 11016 Rasl2tp - ok 10:45:00.0406 11016 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 10:45:00.0406 11016 RasMan - ok 10:45:00.0421 11016 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:45:00.0437 11016 RasPppoe - ok 10:45:00.0437 11016 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 10:45:00.0453 11016 Raspti - ok 10:45:00.0453 11016 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:45:00.0468 11016 Rdbss - ok 10:45:00.0468 11016 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:45:00.0468 11016 RDPCDD - ok 10:45:00.0500 11016 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:45:00.0515 11016 rdpdr - ok 10:45:00.0546 11016 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 10:45:00.0562 11016 RDPWD - ok 10:45:00.0578 11016 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 10:45:00.0593 11016 RDSessMgr - ok 10:45:00.0609 11016 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 10:45:00.0609 11016 redbook - ok 10:45:00.0640 11016 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 10:45:00.0656 11016 RemoteAccess - ok 10:45:00.0671 11016 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 10:45:00.0671 11016 RemoteRegistry - ok 10:45:00.0687 11016 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 10:45:00.0687 11016 RpcLocator - ok 10:45:00.0703 11016 [ 
3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 10:45:00.0703 11016 RpcSs - ok 10:45:00.0734 11016 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 10:45:00.0734 11016 RSVP - ok 10:45:00.0781 11016 [ ACD10C56E4455F203707A679040C3B61 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 10:45:00.0796 11016 RTL8192su - ok 10:45:00.0812 11016 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 10:45:00.0812 11016 SamSs - ok 10:45:00.0843 11016 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 10:45:00.0843 11016 SCardSvr - ok 10:45:00.0875 11016 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 10:45:00.0875 11016 Schedule - ok 10:45:00.0890 11016 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:45:00.0890 11016 Secdrv - ok 10:45:00.0953 11016 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 10:45:00.0968 11016 seclogon - ok 10:45:01.0015 11016 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 10:45:01.0015 11016 SENS - ok 10:45:01.0031 11016 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 10:45:01.0031 11016 serenum - ok 10:45:01.0046 11016 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 10:45:01.0046 11016 Serial - ok 10:45:01.0109 11016 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 10:45:01.0109 11016 Sfloppy - ok 10:45:01.0140 11016 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 10:45:01.0140 11016 SharedAccess - ok 10:45:01.0156 11016 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 10:45:01.0156 11016 ShellHWDetection - ok 10:45:01.0171 11016 Simbad - ok 10:45:01.0171 11016 SlNtHal - ok 10:45:01.0187 11016 Sparrow - ok 10:45:01.0203 11016 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] 
splitter C:\WINDOWS\system32\drivers\splitter.sys 10:45:01.0203 11016 splitter - ok 10:45:01.0234 11016 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 10:45:01.0234 11016 Spooler - ok 10:45:01.0265 11016 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 10:45:01.0265 11016 sr - ok 10:45:01.0281 11016 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 10:45:01.0281 11016 srservice - ok 10:45:01.0328 11016 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 10:45:01.0328 11016 Srv - ok 10:45:01.0359 11016 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 10:45:01.0359 11016 SSDPSRV - ok 10:45:01.0390 11016 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 10:45:01.0390 11016 stisvc - ok 10:45:01.0406 11016 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 10:45:01.0406 11016 swenum - ok 10:45:01.0406 11016 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 10:45:01.0421 11016 swmidi - ok 10:45:01.0421 11016 SwPrv - ok 10:45:01.0421 11016 symc810 - ok 10:45:01.0421 11016 symc8xx - ok 10:45:01.0421 11016 sym_hi - ok 10:45:01.0437 11016 sym_u3 - ok 10:45:01.0437 11016 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 10:45:01.0437 11016 sysaudio - ok 10:45:01.0453 11016 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 10:45:01.0484 11016 SysmonLog - ok 10:45:01.0515 11016 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 10:45:01.0562 11016 TapiSrv - ok 10:45:01.0625 11016 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:45:01.0625 11016 Tcpip - ok 10:45:01.0750 11016 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 10:45:01.0750 11016 TDPIPE - ok 10:45:01.0781 11016 [ 
C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 10:45:01.0781 11016 TDTCP - ok 10:45:01.0796 11016 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 10:45:01.0796 11016 TermDD - ok 10:45:01.0828 11016 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 10:45:01.0843 11016 TermService - ok 10:45:01.0859 11016 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 10:45:01.0859 11016 Themes - ok 10:45:01.0906 11016 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 10:45:01.0906 11016 TlntSvr - ok 10:45:01.0906 11016 TosIde - ok 10:45:01.0937 11016 tpibpni - ok 10:45:01.0953 11016 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 10:45:01.0953 11016 TrkWks - ok 10:45:01.0953 11016 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 10:45:01.0968 11016 Udfs - ok 10:45:01.0984 11016 uleadburninghelper - ok 10:45:01.0984 11016 ultra - ok 10:45:02.0000 11016 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 10:45:02.0000 11016 UMWdf - ok 10:45:02.0031 11016 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 10:45:02.0046 11016 Update - ok 10:45:02.0062 11016 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 10:45:02.0062 11016 upnphost - ok 10:45:02.0078 11016 [ BB16932A4189E82D6C455042C11849B6 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 10:45:02.0078 11016 upperdev - ok 10:45:02.0125 11016 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 10:45:02.0125 11016 UPS - ok 10:45:02.0171 11016 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 10:45:02.0187 11016 usbaudio - ok 10:45:02.0281 11016 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:45:02.0484 11016 usbccgp - ok 10:45:02.0500 11016 [ 
65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:45:02.0500 11016 usbehci - ok 10:45:02.0531 11016 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:45:02.0531 11016 usbhub - ok 10:45:02.0562 11016 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 10:45:02.0593 11016 usbohci - ok 10:45:02.0718 11016 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:45:02.0718 11016 usbscan - ok 10:45:02.0750 11016 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 10:45:02.0750 11016 usbser - ok 10:45:02.0781 11016 [ E748D50B3B2EC7F40A2BA67FB094CF01 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 10:45:02.0781 11016 UsbserFilt - ok 10:45:02.0796 11016 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:45:02.0796 11016 USBSTOR - ok 10:45:02.0828 11016 [ 11028C6A84A967070CB1286550F2058F ] veteboot C:\WINDOWS\system32\USBVCD.dll 10:45:02.0843 11016 veteboot ( Backdoor.Multi.ZAccess.gen ) - infected 10:45:02.0843 11016 veteboot - detected Backdoor.Multi.ZAccess.gen (0) 10:45:02.0843 11016 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 10:45:02.0859 11016 VgaSave - ok 10:45:02.0859 11016 ViaIde - ok 10:45:02.0875 11016 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 10:45:02.0875 11016 VolSnap - ok 10:45:02.0906 11016 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 10:45:02.0921 11016 VSS - ok 10:45:02.0953 11016 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 10:45:02.0968 11016 W32Time - ok 10:45:02.0984 11016 w810bus - ok 10:45:02.0984 11016 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:45:03.0000 11016 Wanarp - ok 10:45:03.0046 11016 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 
C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 10:45:03.0046 11016 Wdf01000 - ok 10:45:03.0062 11016 WDICA - ok 10:45:03.0078 11016 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 10:45:03.0078 11016 wdmaud - ok 10:45:03.0093 11016 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 10:45:03.0093 11016 WebClient - ok 10:45:03.0156 11016 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 10:45:03.0156 11016 winmgmt - ok 10:45:03.0187 11016 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 10:45:03.0187 11016 WmdmPmSN - ok 10:45:03.0234 11016 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 10:45:03.0250 11016 Wmi - ok 10:45:03.0281 11016 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 10:45:03.0296 11016 WmiApSrv - ok 10:45:03.0328 11016 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 10:45:03.0328 11016 WpdUsb - ok 10:45:03.0421 11016 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 10:45:03.0500 11016 WPFFontCache_v0400 - ok 10:45:03.0546 11016 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 10:45:03.0546 11016 WS2IFSL - ok 10:45:03.0546 11016 wuolservice - ok 10:45:03.0656 11016 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 10:45:03.0703 11016 WZCSVC - ok 10:45:03.0734 11016 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 10:45:03.0734 11016 xmlprov - ok 10:45:03.0765 11016 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 10:45:03.0765 11016 ZTEusbmdm6k - ok 10:45:03.0812 11016 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 10:45:03.0812 11016 ZTEusbnmea - ok 10:45:03.0828 11016 [ 
28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 10:45:03.0843 11016 ZTEusbser6k - ok 10:45:03.0859 11016 ================ Scan global =============================== 10:45:03.0875 11016 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 10:45:03.0906 11016 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 10:45:03.0937 11016 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 10:45:03.0953 11016 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 10:45:03.0953 11016 [Global] - ok 10:45:03.0953 11016 ================ Scan MBR ================================== 10:45:03.0984 11016 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 10:45:04.0281 11016 \Device\Harddisk0\DR0 - ok 10:45:04.0281 11016 ================ Scan VBR ================================== 10:45:04.0281 11016 [ 16119ED88CDC6EC3B9A091938B6508DC ] \Device\Harddisk0\DR0\Partition1 10:45:04.0296 11016 \Device\Harddisk0\DR0\Partition1 - ok 10:45:04.0296 11016 ============================================================ 10:45:04.0296 11016 Scan finished 10:45:04.0296 11016 ============================================================ 10:45:04.0312 11112 Detected object count: 3 10:45:04.0312 11112 Actual detected object count: 3 10:45:59.0500 11112 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 10:45:59.0500 11112 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 10:45:59.0500 11112 MRxSmb ( Virus.Win32.ZAccess.l ) - skipped by user 10:45:59.0500 11112 MRxSmb ( Virus.Win32.ZAccess.l ) - User select action: Skip 10:45:59.0500 11112 veteboot ( Backdoor.Multi.ZAccess.gen ) - skipped by user 10:45:59.0500 11112 veteboot ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip 10:46:11.0421 10888 Deinitialize success |
15.11.2012, 11:01 | #4 | |
/// TB-Ausbilder | Malwarebytes finds rootkit / redirect from Google to fresh-weather / Adobe Flash Update You've picked up quite something there ... Run another scan with TDSSKiller and this time remove: MRxSmb veteboot Then please post new logs from aswMBR and TDSSKiller.
__________________ Digital privateers against malware! No help via PM! |
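A small reader for these TDSSKiller logs, added here as an example (it is not TDSSKiller's code and not part of the original thread): it pulls the detection lines out of the log, attaches the MD5 and image path from the matching inventory line, and lists the objects the scanner judged infected but the user told it to skip, which is what the rerun above is meant to clean up. The sample log is constructed in the line layout shown in the logs above; the MD5 for MRxSmb is a zero placeholder because that hash is not quoted in this part of the thread.

```python
"""Extract detections from a TDSSKiller log and flag the ones the user skipped.

Added example; not TDSSKiller code. Assumes the line layout of the logs above:
  HH:MM:SS.0mmm PID [ MD5 ] Name Path
  HH:MM:SS.0mmm PID Name ( Threat ) - infected | warning | skipped by user
  HH:MM:SS.0mmm PID Name ( Threat ) - User select action: Skip
  HH:MM:SS.0mmm PID Name - detected Threat (N)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller log line starts with a timestamp and a thread id.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*)$")
# Inventory line: MD5 in brackets, object name (may contain spaces, e.g.
# "Adobe LM Service"), then a Windows path; match the name lazily up to the path.
_INVENTORY = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>(?:[A-Za-z]:\\|\\).*)$")
# Verdict and prompt-action lines carry the threat name in parentheses.
_VERDICT = re.compile(
    r"^(?P<name>.+?) \( (?P<threat>[^)]+) \) - "
    r"(?P<verdict>infected|warning|skipped by user|User select action: (?P<action>\w+))$")
# Detection counter line: "Name - detected Threat (N)".
_DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<threat>\S+) \(\d+\)$")


@dataclass
class Detection:
    name: str
    threat: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # "infected" or "warning"
    action: Optional[str] = None   # what the user chose at the prompt, e.g. "Skip"


def parse_tdsskiller(log_text: str) -> Dict[str, Detection]:
    """Return every detected object in the log, keyed by its service/driver name."""
    inventory: Dict[str, tuple] = {}
    detections: Dict[str, Detection] = {}
    for raw in log_text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        inv = _INVENTORY.match(rest)
        if inv:
            inventory[inv.group("name")] = (inv.group("md5"), inv.group("path"))
            continue
        det = _DETECTED.match(rest)
        if det:
            detections.setdefault(det.group("name"),
                                  Detection(det.group("name"), det.group("threat")))
            continue
        ver = _VERDICT.match(rest)
        if ver:
            d = detections.setdefault(ver.group("name"),
                                      Detection(ver.group("name"), ver.group("threat")))
            if ver.group("action"):
                d.action = ver.group("action")
            elif ver.group("verdict") in ("infected", "warning"):
                d.verdict = ver.group("verdict")
    # Attach hash and image path from the inventory line of the same object.
    for d in detections.values():
        if d.name in inventory:
            d.md5, d.path = inventory[d.name]
    return detections


def unresolved(detections: Dict[str, Detection]) -> List[str]:
    """Detected objects that were skipped at the prompt or never acted on at all."""
    return sorted(n for n, d in detections.items() if d.action in (None, "Skip"))


def removal_candidates(detections: Dict[str, Detection]) -> List[str]:
    """Objects the scanner judged infected (not merely 'warning', its verdict for
    suspicious hidden files) that the user did not let it handle."""
    return sorted(n for n, d in detections.items()
                  if d.verdict == "infected" and d.action in (None, "Skip"))


# Constructed sample in the layout of the logs above (the MRxSmb MD5 is a zero
# placeholder because that hash is not quoted in this part of the thread).
SAMPLE_LOG = r"""
10:44:59.0078 11016 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll
10:44:59.0109 11016 Akamai ( HiddenFile.Multi.Generic ) - warning
10:44:59.0109 11016 Akamai - detected HiddenFile.Multi.Generic (1)
10:44:59.0500 11016 [ 00000000000000000000000000000000 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:44:59.0500 11016 MRxSmb ( Virus.Win32.ZAccess.l ) - infected
10:44:59.0500 11016 MRxSmb - detected Virus.Win32.ZAccess.l (0)
10:45:02.0828 11016 [ 11028C6A84A967070CB1286550F2058F ] veteboot C:\WINDOWS\system32\USBVCD.dll
10:45:02.0843 11016 veteboot ( Backdoor.Multi.ZAccess.gen ) - infected
10:45:02.0843 11016 veteboot - detected Backdoor.Multi.ZAccess.gen (0)
10:45:59.0500 11112 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:45:59.0500 11112 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:45:59.0500 11112 MRxSmb ( Virus.Win32.ZAccess.l ) - User select action: Skip
10:45:59.0500 11112 veteboot ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
"""

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for d in found.values():
        print(f"{d.name}: {d.threat} verdict={d.verdict} action={d.action} path={d.path}")
    print("still to remove on the rerun:", removal_candidates(found))
```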
15.11.2012, 11:58 | #5 |
| Malwarebytes finds rootkit / redirect from Google to fresh-weather / Adobe Flash Update Oh dear. Done! aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-15 11:09:50 ----------------------------- 11:09:50.656 OS Version: Windows 5.1.2600 Service Pack 3 11:09:50.656 Number of processors: 2 586 0x1706 11:09:50.656 ComputerName: HANS UserName: 11:09:51.734 Initialize success 11:10:17.765 AVAST engine defs: 12111500 11:13:14.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-17 11:13:14.359 Disk 0 Vendor: ExcelStor_Technology_J340 V22OA63A Size: 39266MB BusType: 3 11:13:14.359 Disk 0 MBR read successfully 11:13:14.359 Disk 0 MBR scan 11:13:14.421 Disk 0 Windows XP default MBR code 11:13:14.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39264 MB offset 2048 11:13:14.437 Disk 0 scanning sectors +80414720 11:13:14.500 Disk 0 scanning C:\WINDOWS\system32\drivers 11:13:24.843 Service scanning 11:13:59.781 Modules scanning 11:14:15.562 Disk 0 trace - called modules: 11:14:15.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 11:14:15.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f6fab8] 11:14:15.578 3 CLASSPNP.SYS[f7680fd7] -> nt!IofCallDriver -> \Device\00000068[0x86ec99e8] 11:14:15.578 5 ACPI.sys[f74b8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-17[0x86ec8d98] 11:14:16.156 AVAST engine scan C:\WINDOWS 11:14:39.421 AVAST engine scan C:\WINDOWS\system32 11:21:23.906 AVAST engine scan C:\WINDOWS\system32\drivers 11:21:44.359 AVAST engine scan C:\Dokumente und Einstellungen\*** 11:37:50.046 AVAST engine scan C:\Dokumente und Einstellungen\All Users 11:40:59.703 Scan finished successfully 11:53:20.890 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat" 11:53:20.921 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt" 11:53:37.171 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat" 11:53:37.171 The log file has been saved successfully to 
"C:\Dokumente und Einstellungen\***\Desktop\aswMBR_1.txt" Code:
ATTFilter 11:54:09.0109 8972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:54:10.0093 8972 ============================================================ 11:54:10.0093 8972 Current date / time: 2012/11/15 11:54:10.0093 11:54:10.0093 8972 SystemInfo: 11:54:10.0093 8972 11:54:10.0093 8972 OS Version: 5.1.2600 ServicePack: 3.0 11:54:10.0093 8972 Product type: Workstation 11:54:10.0093 8972 ComputerName: HANS 11:54:10.0093 8972 UserName: *** 11:54:10.0093 8972 Windows directory: C:\WINDOWS 11:54:10.0093 8972 System windows directory: C:\WINDOWS 11:54:10.0093 8972 Processor architecture: Intel x86 11:54:10.0093 8972 Number of processors: 2 11:54:10.0093 8972 Page size: 0x1000 11:54:10.0093 8972 Boot type: Normal boot 11:54:10.0093 8972 ============================================================ 11:54:12.0359 8972 BG loaded 11:54:12.0593 8972 Drive \Device\Harddisk0\DR0 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:54:12.0593 8972 ============================================================ 11:54:12.0593 8972 \Device\Harddisk0\DR0: 11:54:12.0593 8972 MBR partitions: 11:54:12.0593 8972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4CB0000 11:54:12.0593 8972 ============================================================ 11:54:12.0625 8972 C: <-> \Device\Harddisk0\DR0\Partition1 11:54:12.0625 8972 ============================================================ 11:54:12.0625 8972 Initialize success 11:54:12.0625 8972 ============================================================ 11:54:17.0281 9560 ============================================================ 11:54:17.0281 9560 Scan started 11:54:17.0281 9560 Mode: Manual; TDLFS; 11:54:17.0281 9560 ============================================================ 11:54:18.0062 9560 ================ Scan system memory ======================== 11:54:18.0062 9560 System memory - ok 11:54:18.0078 
9560 ================ Scan services ============================= 11:54:18.0281 9560 Abiosdsk - ok 11:54:18.0296 9560 abp480n5 - ok 11:54:18.0343 9560 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:54:18.0343 9560 ACPI - ok 11:54:18.0359 9560 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 11:54:18.0359 9560 ACPIEC - ok 11:54:18.0421 9560 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe 11:54:18.0421 9560 Adobe LM Service - ok 11:54:18.0421 9560 adpu160m - ok 11:54:18.0453 9560 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 11:54:18.0468 9560 aec - ok 11:54:18.0484 9560 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 11:54:18.0484 9560 AegisP - ok 11:54:18.0531 9560 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 11:54:18.0546 9560 AFD - ok 11:54:18.0546 9560 agnwifi - ok 11:54:18.0562 9560 Aha154x - ok 11:54:18.0578 9560 aic78u2 - ok 11:54:18.0578 9560 aic78xx - ok 11:54:19.0078 9560 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll 11:54:19.0078 9560 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll. 
md5: B9B98E08EC127900025F42462D3D0A66 11:54:19.0109 9560 Akamai ( HiddenFile.Multi.Generic ) - warning 11:54:19.0109 9560 Akamai - detected HiddenFile.Multi.Generic (1) 11:54:19.0140 9560 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 11:54:19.0171 9560 Alerter - ok 11:54:19.0187 9560 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 11:54:19.0187 9560 ALG - ok 11:54:19.0203 9560 AliIde - ok 11:54:19.0218 9560 amdk77 - ok 11:54:19.0234 9560 amsint - ok 11:54:19.0312 9560 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 11:54:19.0312 9560 Apple Mobile Device - ok 11:54:19.0343 9560 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 11:54:19.0359 9560 AppMgmt - ok 11:54:19.0375 9560 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 11:54:19.0375 9560 Arp1394 - ok 11:54:19.0390 9560 asc - ok 11:54:19.0406 9560 asc3350p - ok 11:54:19.0421 9560 asc3550 - ok 11:54:19.0515 9560 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 11:54:19.0531 9560 aspnet_state - ok 11:54:19.0562 9560 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:54:19.0562 9560 AsyncMac - ok 11:54:19.0593 9560 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 11:54:19.0593 9560 atapi - ok 11:54:19.0609 9560 Atdisk - ok 11:54:19.0656 9560 [ C49A64D70DD96F1A511F2D2BADFB924F ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 11:54:19.0656 9560 Ati HotKey Poller - ok 11:54:19.0703 9560 [ FDC4B0D5E8D477C75D962F395C3A25F0 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe 11:54:19.0703 9560 ATI Smart - ok 11:54:19.0843 9560 [ 4F1D98C5FAA232D89F479AA2F6EF4196 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 11:54:19.0921 9560 ati2mtag - ok 11:54:19.0968 9560 [ 
6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys 11:54:19.0984 9560 atksgt - ok 11:54:20.0015 9560 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:54:20.0015 9560 Atmarpc - ok 11:54:20.0031 9560 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 11:54:20.0031 9560 AudioSrv - ok 11:54:20.0078 9560 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 11:54:20.0078 9560 audstub - ok 11:54:20.0140 9560 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe 11:54:20.0140 9560 Autodesk Content Service - ok 11:54:20.0171 9560 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 11:54:20.0171 9560 Beep - ok 11:54:20.0218 9560 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 11:54:20.0281 9560 BITS - ok 11:54:20.0406 9560 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 11:54:20.0406 9560 Bonjour Service - ok 11:54:20.0437 9560 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 11:54:20.0437 9560 Browser - ok 11:54:20.0453 9560 BTSLBCSP - ok 11:54:20.0500 9560 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 11:54:20.0500 9560 cbidf2k - ok 11:54:20.0515 9560 cd20xrnt - ok 11:54:20.0531 9560 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 11:54:20.0531 9560 Cdaudio - ok 11:54:20.0578 9560 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 11:54:20.0578 9560 Cdfs - ok 11:54:20.0609 9560 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:54:20.0609 9560 Cdrom - ok 11:54:20.0625 9560 Changer - ok 11:54:20.0640 9560 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 11:54:20.0640 9560 CiSvc - ok 
11:54:20.0656 9560 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 11:54:20.0656 9560 ClipSrv - ok 11:54:20.0703 9560 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:54:20.0734 9560 clr_optimization_v2.0.50727_32 - ok 11:54:20.0765 9560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:54:20.0828 9560 clr_optimization_v4.0.30319_32 - ok 11:54:20.0843 9560 cltnetcnservice - ok 11:54:20.0843 9560 CmdIde - ok 11:54:20.0859 9560 COMSysApp - ok 11:54:20.0875 9560 Cpqarray - ok 11:54:20.0937 9560 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 11:54:20.0937 9560 CryptSvc - ok 11:54:20.0937 9560 CVPNDRVA - ok 11:54:20.0953 9560 dac2w2k - ok 11:54:20.0968 9560 dac960nt - ok 11:54:20.0968 9560 DCamUSBSQTECH - ok 11:54:21.0000 9560 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 11:54:21.0015 9560 DcomLaunch - ok 11:54:21.0109 9560 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 11:54:21.0109 9560 Dhcp - ok 11:54:21.0140 9560 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 11:54:21.0140 9560 Disk - ok 11:54:21.0140 9560 dmadmin - ok 11:54:21.0187 9560 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 11:54:21.0203 9560 dmboot - ok 11:54:21.0218 9560 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 11:54:21.0218 9560 dmio - ok 11:54:21.0234 9560 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 11:54:21.0234 9560 dmload - ok 11:54:21.0250 9560 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 11:54:21.0250 9560 dmserver - ok 11:54:21.0281 9560 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 11:54:21.0281 9560 
DMusic - ok 11:54:21.0343 9560 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 11:54:21.0343 9560 Dnscache - ok 11:54:21.0359 9560 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 11:54:21.0359 9560 Dot3svc - ok 11:54:21.0375 9560 dpti2o - ok 11:54:21.0406 9560 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 11:54:21.0406 9560 drmkaud - ok 11:54:21.0421 9560 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 11:54:21.0421 9560 EapHost - ok 11:54:21.0453 9560 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 11:54:21.0453 9560 ERSvc - ok 11:54:21.0468 9560 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 11:54:21.0484 9560 Eventlog - ok 11:54:21.0500 9560 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 11:54:21.0500 9560 EventSystem - ok 11:54:21.0531 9560 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 11:54:21.0531 9560 Fastfat - ok 11:54:21.0578 9560 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 11:54:21.0609 9560 FastUserSwitchingCompatibility - ok 11:54:21.0640 9560 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 11:54:21.0640 9560 Fdc - ok 11:54:21.0640 9560 filterservice - ok 11:54:21.0656 9560 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 11:54:21.0656 9560 Fips - ok 11:54:21.0734 9560 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 11:54:21.0765 9560 FLEXnet Licensing Service - ok 11:54:21.0796 9560 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 11:54:21.0796 9560 Flpydisk - ok 11:54:21.0828 9560 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr 
C:\WINDOWS\system32\DRIVERS\fltMgr.sys 11:54:21.0828 9560 FltMgr - ok 11:54:21.0875 9560 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 11:54:21.0875 9560 FontCache3.0.0.0 - ok 11:54:21.0953 9560 [ A6F98D7FB17477E6EC99538223B54DAA ] ForceWare Intelligent Application Manager (IAM) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe 11:54:21.0953 9560 ForceWare Intelligent Application Manager (IAM) - ok 11:54:21.0968 9560 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 11:54:21.0968 9560 ForcewareWebInterface - ok 11:54:22.0000 9560 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:54:22.0000 9560 Fs_Rec - ok 11:54:22.0031 9560 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:54:22.0031 9560 Ftdisk - ok 11:54:22.0078 9560 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 11:54:22.0078 9560 GEARAspiWDM - ok 11:54:22.0093 9560 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:54:22.0093 9560 Gpc - ok 11:54:22.0140 9560 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys 11:54:22.0140 9560 hamachi - ok 11:54:22.0218 9560 [ 4480BF01193E88DDB466092D6532865C ] Hamachi2Svc C:\Programme\LogMeIn Hamachi\hamachi-2.exe 11:54:22.0250 9560 Hamachi2Svc - ok 11:54:22.0281 9560 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys 11:54:22.0281 9560 HdAudAddService - ok 11:54:22.0312 9560 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 11:54:22.0312 9560 HDAudBus - ok 11:54:22.0359 9560 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 11:54:22.0359 9560 helpsvc - ok 11:54:22.0375 9560 
HidServ - ok 11:54:22.0421 9560 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 11:54:22.0421 9560 HidUsb - ok 11:54:22.0453 9560 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 11:54:22.0453 9560 hkmsvc - ok 11:54:22.0453 9560 hpn - ok 11:54:22.0515 9560 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 11:54:22.0515 9560 HTTP - ok 11:54:22.0546 9560 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 11:54:22.0562 9560 HTTPFilter - ok 11:54:22.0593 9560 i2omgmt - ok 11:54:22.0609 9560 i2omp - ok 11:54:22.0656 9560 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:54:22.0656 9560 i8042prt - ok 11:54:22.0734 9560 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 11:54:22.0734 9560 IDriverT - ok 11:54:22.0812 9560 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:54:22.0890 9560 idsvc - ok 11:54:22.0921 9560 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 11:54:22.0937 9560 Imapi - ok 11:54:22.0968 9560 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 11:54:22.0968 9560 ImapiService - ok 11:54:23.0000 9560 [ 580A81790CD0A48D85DA322267DA7AC4 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys 11:54:23.0000 9560 InCDfs - ok 11:54:23.0046 9560 [ AAA2789D2CE21B31BE9406BA1CEB7285 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys 11:54:23.0046 9560 InCDPass - ok 11:54:23.0062 9560 [ 4D022577E9072B5D22E0A383A7806BBB ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys 11:54:23.0062 9560 InCDrec - ok 11:54:23.0093 9560 [ C258E57321A3C3737F4FA815FA69EE0B ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys 11:54:23.0093 9560 incdrm - ok 11:54:23.0234 9560 [ 9792B85E32E058CD6A43DB274BA47D57 ] InCDsrv 
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe 11:54:23.0265 9560 InCDsrv - ok 11:54:23.0296 9560 ini910u - ok 11:54:23.0468 9560 [ 60D7460B07012D364CED11DD9FD83E1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 11:54:23.0593 9560 IntcAzAudAddService - ok 11:54:23.0593 9560 IntelIde - ok 11:54:23.0625 9560 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 11:54:23.0625 9560 intelppm - ok 11:54:23.0640 9560 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 11:54:23.0640 9560 Ip6Fw - ok 11:54:23.0656 9560 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:54:23.0656 9560 IpFilterDriver - ok 11:54:23.0671 9560 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:54:23.0671 9560 IpInIp - ok 11:54:23.0687 9560 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:54:23.0687 9560 IpNat - ok 11:54:23.0734 9560 [ DCB3796E0169419618C72F0CE34C68ED ] iPod Service C:\Programme\iPod\bin\iPodService.exe 11:54:23.0781 9560 iPod Service - ok 11:54:23.0812 9560 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:54:23.0812 9560 IPSec - ok 11:54:23.0859 9560 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 11:54:23.0859 9560 IRENUM - ok 11:54:23.0890 9560 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:54:23.0890 9560 isapnp - ok 11:54:23.0937 9560 [ 44FFBA62F0F426B581759C49AAFEC2E2 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 11:54:23.0937 9560 JavaQuickStarterService - ok 11:54:23.0968 9560 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys 11:54:23.0968 9560 JGOGO - ok 11:54:23.0984 9560 [ F4A31E66A61C0783F51157519B03280B ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys 11:54:23.0984 9560 JRAID - ok 11:54:24.0015 9560 [ 1704D8C4C8807B889E43C649B478A452 
] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:54:24.0015 9560 Kbdclass - ok 11:54:24.0015 9560 kgjupb - ok 11:54:24.0031 9560 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 11:54:24.0046 9560 kmixer - ok 11:54:24.0093 9560 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 11:54:24.0109 9560 KSecDD - ok 11:54:24.0125 9560 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 11:54:24.0125 9560 LanmanServer - ok 11:54:24.0156 9560 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 11:54:24.0171 9560 lanmanworkstation - ok 11:54:24.0187 9560 lbrtfdc - ok 11:54:24.0265 9560 [ A15A462F3BBB68974419B7158F4B3647 ] LBTServ C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe 11:54:24.0265 9560 LBTServ - ok 11:54:24.0312 9560 [ F5E165B4E3DF145F6E8BF3C0573F94D8 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 11:54:24.0312 9560 LHidFilt - ok 11:54:24.0359 9560 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 11:54:24.0359 9560 LightScribeService - ok 11:54:24.0375 9560 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys 11:54:24.0375 9560 lirsgt - ok 11:54:24.0406 9560 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 11:54:24.0406 9560 LmHosts - ok 11:54:24.0453 9560 [ B46E39B8AE439D7CE75A923E7F950040 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 11:54:24.0453 9560 LMouFilt - ok 11:54:24.0453 9560 ltmodem5 - ok 11:54:24.0500 9560 [ 9BBD8674C1D3811B851C8CF8A8E30E2C ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 11:54:24.0500 9560 LUsbFilt - ok 11:54:24.0531 9560 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys 11:54:24.0546 9560 massfilter - ok 11:54:24.0578 9560 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 11:54:24.0578 
9560 Messenger - ok 11:54:24.0656 9560 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 11:54:24.0671 9560 Microsoft Office Groove Audit Service - ok 11:54:24.0703 9560 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 11:54:24.0703 9560 mnmdd - ok 11:54:24.0750 9560 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 11:54:24.0750 9560 mnmsrvc - ok 11:54:24.0765 9560 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 11:54:24.0781 9560 Modem - ok 11:54:24.0781 9560 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 11:54:24.0781 9560 Mouclass - ok 11:54:24.0796 9560 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 11:54:24.0812 9560 mouhid - ok 11:54:24.0859 9560 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 11:54:24.0859 9560 MountMgr - ok 11:54:24.0953 9560 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 11:54:24.0953 9560 MozillaMaintenance - ok 11:54:24.0984 9560 mraid35x - ok 11:54:25.0000 9560 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 11:54:25.0000 9560 MRxDAV - ok 11:54:25.0046 9560 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:54:25.0062 9560 MRxSmb - ok 11:54:25.0093 9560 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 11:54:25.0093 9560 MSDTC - ok 11:54:25.0140 9560 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 11:54:25.0140 9560 Msfs - ok 11:54:25.0156 9560 MSIServer - ok 11:54:25.0187 9560 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:54:25.0187 9560 MSKSSRV - ok 11:54:25.0203 9560 [ 325BB26842FC7CCC1FCCE2C457317F3E ] 
MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:54:25.0203 9560 MSPCLOCK - ok 11:54:25.0218 9560 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 11:54:25.0218 9560 MSPQM - ok 11:54:25.0250 9560 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 11:54:25.0250 9560 mssmbios - ok 11:54:25.0281 9560 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 11:54:25.0281 9560 MTsensor - ok 11:54:25.0328 9560 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 11:54:25.0328 9560 Mup - ok 11:54:25.0375 9560 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 11:54:25.0375 9560 napagent - ok 11:54:25.0453 9560 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe 11:54:25.0468 9560 NBService - ok 11:54:25.0500 9560 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 11:54:25.0500 9560 NDIS - ok 11:54:25.0546 9560 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 11:54:25.0546 9560 NdisTapi - ok 11:54:25.0593 9560 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 11:54:25.0593 9560 Ndisuio - ok 11:54:25.0609 9560 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 11:54:25.0625 9560 NdisWan - ok 11:54:25.0656 9560 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 11:54:25.0656 9560 NDProxy - ok 11:54:25.0687 9560 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 11:54:25.0687 9560 NetBIOS - ok 11:54:25.0703 9560 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 11:54:25.0703 9560 NetBT - ok 11:54:25.0750 9560 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 11:54:25.0750 9560 NetDDE - ok 11:54:25.0765 9560 [ 
8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 11:54:25.0765 9560 NetDDEdsdm - ok 11:54:25.0796 9560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 11:54:25.0796 9560 Netlogon - ok 11:54:25.0843 9560 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 11:54:25.0859 9560 Netman - ok 11:54:25.0921 9560 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:54:25.0984 9560 NetTcpPortSharing - ok 11:54:26.0000 9560 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 11:54:26.0015 9560 NIC1394 - ok 11:54:26.0031 9560 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 11:54:26.0031 9560 Nla - ok 11:54:26.0109 9560 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe 11:54:26.0109 9560 NMIndexingService - ok 11:54:26.0140 9560 [ C82F4CC10AD315B6D6BCB14D0A7CAD66 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 11:54:26.0140 9560 nmwcd - ok 11:54:26.0171 9560 [ 60EF5F5621D7832F00A3F190A0C905E2 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys 11:54:26.0171 9560 nmwcdc - ok 11:54:26.0187 9560 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 11:54:26.0187 9560 Npfs - ok 11:54:26.0218 9560 [ C98168642B15B5EC4AF116E4C30C8BAF ] nSvcIp C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe 11:54:26.0218 9560 nSvcIp - ok 11:54:26.0250 9560 [ 381A4EDAC8C5D4327E27387686087A99 ] nSvcLog C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 11:54:26.0250 9560 nSvcLog - ok 11:54:26.0296 9560 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 11:54:26.0312 9560 Ntfs - ok 11:54:26.0328 9560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 11:54:26.0328 9560 NtLmSsp - ok 11:54:26.0359 9560 [ 
56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 11:54:26.0375 9560 NtmsSvc - ok 11:54:26.0406 9560 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 11:54:26.0406 9560 Null - ok 11:54:26.0437 9560 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys 11:54:26.0437 9560 nvata - ok 11:54:26.0453 9560 [ B9333604527E02CD2223F200C0BAE7E0 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 11:54:26.0468 9560 NVENETFD - ok 11:54:26.0484 9560 [ 5E9E55F7EE644C7C5FD78A206FBE37AB ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 11:54:26.0484 9560 nvnetbus - ok 11:54:26.0515 9560 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 11:54:26.0515 9560 NwlnkFlt - ok 11:54:26.0531 9560 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 11:54:26.0531 9560 NwlnkFwd - ok 11:54:26.0593 9560 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 11:54:26.0609 9560 odserv - ok 11:54:26.0625 9560 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 11:54:26.0625 9560 ohci1394 - ok 11:54:26.0656 9560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 11:54:26.0656 9560 ose - ok 11:54:26.0671 9560 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 11:54:26.0687 9560 Parport - ok 11:54:26.0703 9560 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 11:54:26.0703 9560 PartMgr - ok 11:54:26.0734 9560 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 11:54:26.0781 9560 ParVdm - ok 11:54:26.0828 9560 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 11:54:26.0828 9560 PCI - ok 11:54:26.0828 9560 PCIDump - ok 11:54:26.0859 9560 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] 
PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 11:54:26.0859 9560 PCIIde - ok 11:54:26.0890 9560 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 11:54:26.0890 9560 Pcmcia - ok 11:54:26.0890 9560 PDCOMP - ok 11:54:26.0906 9560 PDFRAME - ok 11:54:26.0921 9560 pdlndlpb - ok 11:54:26.0921 9560 PDRELI - ok 11:54:26.0937 9560 PDRFRAME - ok 11:54:26.0953 9560 perc2 - ok 11:54:26.0968 9560 perc2hib - ok 11:54:27.0031 9560 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 11:54:27.0031 9560 PlugPlay - ok 11:54:27.0046 9560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 11:54:27.0046 9560 PolicyAgent - ok 11:54:27.0046 9560 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:54:27.0046 9560 PptpMiniport - ok 11:54:27.0062 9560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 11:54:27.0062 9560 ProtectedStorage - ok 11:54:27.0078 9560 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 11:54:27.0078 9560 PSched - ok 11:54:27.0093 9560 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:54:27.0093 9560 Ptilink - ok 11:54:27.0093 9560 ql1080 - ok 11:54:27.0109 9560 Ql10wnt - ok 11:54:27.0109 9560 ql12160 - ok 11:54:27.0125 9560 ql1240 - ok 11:54:27.0125 9560 ql1280 - ok 11:54:27.0140 9560 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:54:27.0140 9560 RasAcd - ok 11:54:27.0156 9560 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 11:54:27.0156 9560 RasAuto - ok 11:54:27.0187 9560 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:54:27.0187 9560 Rasl2tp - ok 11:54:27.0203 9560 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 11:54:27.0218 9560 RasMan - ok 11:54:27.0234 9560 [ 5BC962F2654137C9909C3D4603587DEE ] 
RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:54:27.0234 9560 RasPppoe - ok 11:54:27.0250 9560 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 11:54:27.0250 9560 Raspti - ok 11:54:27.0281 9560 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:54:27.0281 9560 Rdbss - ok 11:54:27.0296 9560 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:54:27.0296 9560 RDPCDD - ok 11:54:27.0328 9560 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 11:54:27.0328 9560 rdpdr - ok 11:54:27.0375 9560 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 11:54:27.0375 9560 RDPWD - ok 11:54:27.0406 9560 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 11:54:27.0406 9560 RDSessMgr - ok 11:54:27.0421 9560 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 11:54:27.0421 9560 redbook - ok 11:54:27.0453 9560 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 11:54:27.0453 9560 RemoteAccess - ok 11:54:27.0468 9560 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 11:54:27.0468 9560 RemoteRegistry - ok 11:54:27.0484 9560 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 11:54:27.0484 9560 RpcLocator - ok 11:54:27.0500 9560 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 11:54:27.0500 9560 RpcSs - ok 11:54:27.0531 9560 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 11:54:27.0546 9560 RSVP - ok 11:54:27.0593 9560 [ ACD10C56E4455F203707A679040C3B61 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 11:54:27.0593 9560 RTL8192su - ok 11:54:27.0609 9560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 11:54:27.0625 9560 SamSs - ok 11:54:27.0640 9560 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr 
C:\WINDOWS\System32\SCardSvr.exe 11:54:27.0640 9560 SCardSvr - ok 11:54:27.0671 9560 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 11:54:27.0734 9560 Schedule - ok 11:54:27.0750 9560 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:54:27.0750 9560 Secdrv - ok 11:54:27.0781 9560 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 11:54:27.0781 9560 seclogon - ok 11:54:27.0796 9560 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 11:54:27.0796 9560 SENS - ok 11:54:27.0828 9560 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 11:54:27.0828 9560 serenum - ok 11:54:27.0843 9560 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 11:54:27.0843 9560 Serial - ok 11:54:27.0906 9560 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 11:54:27.0906 9560 Sfloppy - ok 11:54:27.0937 9560 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 11:54:27.0953 9560 SharedAccess - ok 11:54:28.0015 9560 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 11:54:28.0015 9560 ShellHWDetection - ok 11:54:28.0031 9560 Simbad - ok 11:54:28.0046 9560 SlNtHal - ok 11:54:28.0078 9560 Sparrow - ok 11:54:28.0109 9560 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 11:54:28.0109 9560 splitter - ok 11:54:28.0156 9560 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 11:54:28.0156 9560 Spooler - ok 11:54:28.0187 9560 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 11:54:28.0187 9560 sr - ok 11:54:28.0218 9560 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 11:54:28.0218 9560 srservice - ok 11:54:28.0265 9560 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 11:54:28.0281 9560 
Srv - ok 11:54:28.0312 9560 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 11:54:28.0312 9560 SSDPSRV - ok 11:54:28.0343 9560 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 11:54:28.0359 9560 stisvc - ok 11:54:28.0375 9560 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 11:54:28.0375 9560 swenum - ok 11:54:28.0406 9560 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 11:54:28.0406 9560 swmidi - ok 11:54:28.0421 9560 SwPrv - ok 11:54:28.0437 9560 symc810 - ok 11:54:28.0453 9560 symc8xx - ok 11:54:28.0468 9560 sym_hi - ok 11:54:28.0484 9560 sym_u3 - ok 11:54:28.0500 9560 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 11:54:28.0515 9560 sysaudio - ok 11:54:28.0546 9560 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 11:54:28.0546 9560 SysmonLog - ok 11:54:28.0593 9560 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 11:54:28.0609 9560 TapiSrv - ok 11:54:28.0656 9560 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:54:28.0656 9560 Tcpip - ok 11:54:28.0687 9560 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 11:54:28.0687 9560 TDPIPE - ok 11:54:28.0718 9560 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 11:54:28.0718 9560 TDTCP - ok 11:54:28.0750 9560 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 11:54:28.0750 9560 TermDD - ok 11:54:28.0765 9560 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 11:54:28.0781 9560 TermService - ok 11:54:28.0796 9560 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 11:54:28.0812 9560 Themes - ok 11:54:28.0843 9560 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 11:54:28.0859 9560 TlntSvr - 
ok 11:54:28.0875 9560 TosIde - ok 11:54:28.0890 9560 tpibpni - ok 11:54:28.0921 9560 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 11:54:28.0921 9560 TrkWks - ok 11:54:28.0968 9560 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 11:54:28.0968 9560 Udfs - ok 11:54:28.0968 9560 uleadburninghelper - ok 11:54:28.0984 9560 ultra - ok 11:54:29.0015 9560 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 11:54:29.0015 9560 UMWdf - ok 11:54:29.0078 9560 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 11:54:29.0093 9560 Update - ok 11:54:29.0109 9560 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 11:54:29.0109 9560 upnphost - ok 11:54:29.0140 9560 [ BB16932A4189E82D6C455042C11849B6 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 11:54:29.0140 9560 upperdev - ok 11:54:29.0171 9560 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 11:54:29.0171 9560 UPS - ok 11:54:29.0218 9560 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 11:54:29.0218 9560 usbaudio - ok 11:54:29.0234 9560 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 11:54:29.0234 9560 usbccgp - ok 11:54:29.0250 9560 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 11:54:29.0250 9560 usbehci - ok 11:54:29.0265 9560 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:54:29.0281 9560 usbhub - ok 11:54:29.0296 9560 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 11:54:29.0296 9560 usbohci - ok 11:54:29.0328 9560 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:54:29.0328 9560 usbscan - ok 11:54:29.0375 9560 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 11:54:29.0375 9560 usbser - ok 
11:54:29.0390 9560 [ E748D50B3B2EC7F40A2BA67FB094CF01 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 11:54:29.0390 9560 UsbserFilt - ok 11:54:29.0421 9560 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:54:29.0421 9560 USBSTOR - ok 11:54:29.0453 9560 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 11:54:29.0453 9560 VgaSave - ok 11:54:29.0468 9560 ViaIde - ok 11:54:29.0500 9560 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 11:54:29.0500 9560 VolSnap - ok 11:54:29.0531 9560 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 11:54:29.0546 9560 VSS - ok 11:54:29.0578 9560 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 11:54:29.0593 9560 W32Time - ok 11:54:29.0609 9560 w810bus - ok 11:54:29.0640 9560 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:54:29.0640 9560 Wanarp - ok 11:54:29.0687 9560 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 11:54:29.0703 9560 Wdf01000 - ok 11:54:29.0718 9560 WDICA - ok 11:54:29.0750 9560 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 11:54:29.0750 9560 wdmaud - ok 11:54:29.0765 9560 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 11:54:29.0781 9560 WebClient - ok 11:54:29.0843 9560 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 11:54:29.0859 9560 winmgmt - ok 11:54:29.0921 9560 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 11:54:29.0921 9560 WmdmPmSN - ok 11:54:30.0000 9560 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 11:54:30.0015 9560 Wmi - ok 11:54:30.0046 9560 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:54:30.0046 9560 WmiApSrv - ok 11:54:30.0078 9560 [ 
C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 11:54:30.0078 9560 WpdUsb - ok 11:54:30.0140 9560 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 11:54:30.0156 9560 WPFFontCache_v0400 - ok 11:54:30.0187 9560 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 11:54:30.0187 9560 WS2IFSL - ok 11:54:30.0187 9560 wuolservice - ok 11:54:30.0218 9560 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 11:54:30.0234 9560 WZCSVC - ok 11:54:30.0250 9560 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 11:54:30.0250 9560 xmlprov - ok 11:54:30.0296 9560 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 11:54:30.0328 9560 ZTEusbmdm6k - ok 11:54:30.0343 9560 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 11:54:30.0343 9560 ZTEusbnmea - ok 11:54:30.0359 9560 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 11:54:30.0375 9560 ZTEusbser6k - ok 11:54:30.0390 9560 ================ Scan global =============================== 11:54:30.0406 9560 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 11:54:30.0515 9560 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 11:54:30.0531 9560 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 11:54:30.0531 9560 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 11:54:30.0546 9560 [Global] - ok 11:54:30.0546 9560 ================ Scan MBR ================================== 11:54:30.0562 9560 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 11:54:30.0796 9560 \Device\Harddisk0\DR0 - ok 11:54:30.0796 9560 ================ Scan VBR ================================== 11:54:30.0812 9560 [ 16119ED88CDC6EC3B9A091938B6508DC ] 
\Device\Harddisk0\DR0\Partition1 11:54:30.0812 9560 \Device\Harddisk0\DR0\Partition1 - ok 11:54:30.0812 9560 ============================================================ 11:54:30.0812 9560 Scan finished 11:54:30.0812 9560 ============================================================ 11:54:30.0828 10028 Detected object count: 1 11:54:30.0828 10028 Actual detected object count: 1 11:54:36.0187 10028 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 11:54:36.0187 10028 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 11:54:39.0703 9972 Deinitialize success |
15.11.2012, 11:59 | #6
/// TB-Ausbilder | hmmm, that looks good though ... then please run a scan with Combofix
15.11.2012, 13:21 | #7
OK, I have just done that. The log looks like this: Code:
ATTFilter ComboFix 12-11-14.01 - *** 15.11.2012 12:39:52.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1022.659 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Administrator\Anwendungsdaten\.# c:\dokumente und einstellungen\Administrator\WINDOWS c:\dokumente und einstellungen\All Users\Anwendungsdaten\ff90fc39 c:\dokumente und einstellungen\*****\WINDOWS c:\dokumente und einstellungen\***\Anwendungsdaten\6186f58 c:\dokumente und einstellungen\***\Recent\Thumbs.db c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\1.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\7959.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\a.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\b.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\c.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\d.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\e.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\f.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\g.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\h.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\i.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\j.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\k.txt c:\dokumente und 
einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\l.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\m.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\mru.xml c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\n.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\o.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\p.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\q.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\r.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\s.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\t.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\u.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\v.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\w.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\wlu.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\x.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\y.txt c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\PriceGong\Data\z.txt c:\windows\EventSystem.log c:\windows\IsUn0407.exe c:\windows\system32\AegisI5Installer.exe c:\windows\system32\dds_trash_log.cmd . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AMSERVICE . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-15 bis 2012-11-15 )))))))))))))))))))))))))))))) . . 2012-11-15 10:03 . 2012-11-15 10:03 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-08 20:49 . 
2012-11-08 20:49 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe 2012-10-28 21:34 . 2012-10-28 21:34 -------- d-----w- c:\programme\ESET 2012-10-25 17:54 . 2012-10-25 17:54 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 10:05 . 2008-04-14 03:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2012-09-29 17:54 . 2012-01-25 11:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-19 13:06 . 2011-11-06 16:24 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] "Akamai NetSession Interface"="c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" [2011-12-23 3334432] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "nTrayFw"="c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\programme\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480] "InCD"="c:\programme\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-06-27 148888] "FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-08-10 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\ConduitEngine" [X] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] REALTEK 11n USB Wireless LAN Utility.lnk - c:\programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2011-9-14 937984] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-01-29 21:17 64592 ----a-w- c:\programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2010-01-27 11:30 1312848 ----a-w- c:\programme\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-01 08:32 421160 ----a-w- c:\programme\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-08-10 05:15 421888 ----a-w- c:\programme\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Autodesk Content Service"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Pidgin\\pidgin.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Microsoft Games\\Age of Empires\\Empires.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Programme\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"= "c:\\Programme\\ANNO 1602 Königs-Edition\\1602.exe"= "c:\\Dokumente und Einstellungen\\Maria\\Lokale Einstellungen\\Anwendungsdaten\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Dokumente und Einstellungen\\Maria\\Lokale Einstellungen\\Anwendungsdaten\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Realtek\\11n USB Wireless LAN 
Utility\\RtWLan.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot "53:UDP"= 53:UDP:Realtek AP UDP Prot "1927:TCP"= 1927:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.04.2008 04:00 14336] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [28.03.2011 16:41 1242504] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [14.09.2011 17:41 602912] S0 kgjupb;kgjupb;c:\windows\system32\drivers\cbgwr.sys --> c:\windows\system32\drivers\cbgwr.sys [?] S0 tpibpni;tpibpni;c:\windows\system32\drivers\qsvhiy.sys --> c:\windows\system32\drivers\qsvhiy.sys [?] S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [14.05.2011 23:13 9216] S4 Autodesk Content Service;Autodesk Content Service;c:\programme\Autodesk\Content Service\Connect.Service.ContentService.exe [02.02.2011 15:08 18656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs pdlndlpb SlNtHal cltnetcnservice BTSLBCSP DCamUSBSQTECH uleadburninghelper w810bus veteboot CVPNDRVA agnwifi amdk77 wuolservice filterservice ltmodem5 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 17:34 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.tuwien.ac.at/ uInternet Settings,ProxyOverride = 127.0.0.1:9421 IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html LSP: %SYSTEMROOT%\system32\nvappfilter.dll TCP: DhcpNameServer = 10.0.0.138 TCP: Interfaces\{4902E8F0-EFE8-4276-9B21-35F94F5CB11D}: NameServer = 195.3.96.67,195.3.96.68 FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\ FF - prefs.js: network.proxy.ftp - proxy.aon.at FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.http - proxy.aon.at FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.aon.at FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.aon.at FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 
2009-12-03 11:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-24582131.sys AddRemove-AutoCAD 2011 - Deutsch - f:\_mk\autocad\Setup\Setup.exe AddRemove-AutoCAD 2012 - Deutsch - f:\programme\Autodesk\AutoCAD 2012 - Deutsch\Setup\Setup.exe AddRemove-Autodesk Inventor Fusion 2012 - f:\programme\Autodesk\Inventor Fusion 2012\Setup\Setup.exe AddRemove-EPSON Photo Print - c:\windows\IsUn0407.exe AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe AddRemove-S4Uninst - c:\windows\IsUn0407.exe AddRemove-{5783F2D7-9001-0407-0002-0060B0CE6BBA} - f:\_mk\autocad\Setup\Setup.exe AddRemove-{5783F2D7-A001-0407-0002-0060B0CE6BBA} - f:\programme\Autodesk\AutoCAD 2012 - Deutsch\Setup\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-15 13:12 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(972) c:\windows\system32\Ati2evxx.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll . - - - - - - - > 'lsass.exe'(1028) c:\windows\system32\nvappfilter.dll . - - - - - - - > 'explorer.exe'(8824) c:\windows\system32\AcSignIcon.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\programme\Nero\Nero 7\InCD\InCDsrv.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\windows\system32\wdfmgr.exe c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-11-15 13:17:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-15 12:17 . Vor Suchlauf: 1.214.324.736 Bytes frei Nach Suchlauf: 2.275.733.504 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 26DD2BF5080F6C668D3D09BB63FC0D49 |
15.11.2012, 14:26 | #8 |
/// TB-Ausbilder | Malwarebytes finds rootkit/redirect from Google to fresh-weather/Adobe Flash Update
Hmhm ... three things you should take care of first before we go on ...
Step 1: AdwCleaner: search for and delete adware
Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 3: Custom scan with OTL
__________________ Digital privateers against malware! No help via PM! |
15.11.2012, 14:50 | #9 |
| Malwarebytes finds rootkit/redirect from Google to fresh-weather/Adobe Flash Update AdwCleaner outputs the following: Code:
ATTFilter # AdwCleaner v2.007 - Datei am 15/11/2012 um 14:35:39 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : *** - HANS # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [3396 octets] - [25/10/2012 23:14:39] AdwCleaner[R2].txt - [829 octets] - [28/10/2012 22:21:56] AdwCleaner[S1].txt - [3298 octets] - [25/10/2012 23:15:37] AdwCleaner[S3].txt - [890 octets] - [28/10/2012 22:22:20] AdwCleaner[S4].txt - [911 octets] - [15/11/2012 14:35:39] ########## EOF - C:\AdwCleaner[S4].txt - [970 octets] ########## Code:
ATTFilter Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.15.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 *** :: HANS [administrator] 15.11.2012 15:09:57 mbar-log-2012-11-15 (15-09-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 32768 Time elapsed: 11 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\WINDOWS\$NtUninstallKB19265$\4266767632\L (Backdoor.0Access) -> Delete on reboot. [bdd19522c29ba5910378a759bd438e72] C:\WINDOWS\$NtUninstallKB19265$\4266767632\U (Backdoor.0Access) -> Delete on reboot. [86087c3b63fa3df9cdaf33cd55abdb25] C:\WINDOWS\$NtUninstallKB19265$\4266767632 (Backdoor.0Access) -> Delete on reboot. [7618b700312c01352d502cd416ea946c] Files Detected: 4 C:\WINDOWS\$NtUninstallKB19265$\4266767632\L\00000004.@ (Backdoor.0Access) -> Delete on reboot. [0d815e59144952e4df962dd3946caf51] C:\WINDOWS\$NtUninstallKB19265$\4266767632\L\201d3dde (Backdoor.0Access) -> Delete on reboot. [8905bff85805072f7401946c847cdb25] C:\WINDOWS\$NtUninstallKB19265$\4266767632\L\55490ac4 (Backdoor.0Access) -> Delete on reboot. [503eb502df7e0630274e9868dd239070] C:\WINDOWS\$NtUninstallKB19265$\4266767632\L\gbcbvfmu (Backdoor.0Access) -> Delete on reboot. [98f6bff82a33b4826d08c93702febb45] (end) Code:
ATTFilter Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.15.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 *** :: HANS [administrator] 15.11.2012 15:29:58 mbar-log-2012-11-15 (15-29-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 32758 Time elapsed: 10 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Last edited by tegetthoff (15.11.2012 at 15:33) |
15.11.2012, 15:42 | #10 |
/// TB-Ausbilder | Malwarebytes finds rootkit/redirect from Google to fresh-weather/Adobe Flash Update
Very good! Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
15.11.2012, 15:47 | #11 |
| Malwarebytes finds rootkit/redirect from Google to fresh-weather/Adobe Flash Update Right, one thing at a time, first the OTL logs. OTL.txt: Code:
ATTFilter OTL logfile created on: 15.11.2012 15:37:40 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1022,48 Mb Total Physical Memory | 528,30 Mb Available Physical Memory | 51,67% Memory free 2,40 Gb Paging File | 2,00 Gb Available in Paging File | 83,14% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 38,34 Gb Total Space | 2,14 Gb Free Space | 5,57% Space Free | Partition Type: NTFS Computer Name: HANS | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) 
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) PRC - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\Programme\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2977.39104__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2977.39285__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2977.39309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2977.39064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2977.39118__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2977.39300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2977.39263__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2977.39097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2977.39217__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2977.39084__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2977.39334__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2977.39271__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2977.39340__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2977.39111__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2977.39277__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2977.39076__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2977.39270__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2977.39110__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2977.39361__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2977.39361__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2977.39227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2977.39292__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2977.39124__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2977.39302__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2977.39265__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2977.39131__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2977.39219__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2977.39211__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2977.39085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2977.39244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2977.39218__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2977.39137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2977.39243__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2977.39255__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll () MOD - 
C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2977.39315_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2977.39091__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2977.39315__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2977.39324__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2977.39322__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2977.39353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2977.39364__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2977.39071__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2977.39057__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2977.39055__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2977.39055__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2977.39323__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Realtek\11n USB Wireless LAN Utility\acAuth.dll ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()

========== Services (SafeList) ==========

SRV - (wuolservice) -- %systemroot%\system32\ntiopnp.dll File not found
SRV - (w810bus) -- %systemroot%\system32\z525bus.dll File not found
SRV - (uleadburninghelper) -- %systemroot%\system32\rnadiagreceiver.dll File not found
SRV - (SlNtHal) -- %systemroot%\system32\mcods.dll File not found
SRV - (pdlndlpb) -- %systemroot%\system32\ifxtcs.dll File not found
SRV - (ltmodem5) -- %systemroot%\system32\z800mgmt.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (filterservice) -- %systemroot%\system32\omnidrv.dll File not found
SRV - (DCamUSBSQTECH) -- %systemroot%\system32\lpds.dll File not found
SRV - (CVPNDRVA) -- %systemroot%\system32\BCMWLNPF.dll File not found
SRV - (cltnetcnservice) -- %systemroot%\system32\WmXlCore.dll File not found
SRV - (BTSLBCSP) -- %systemroot%\system32\flpydisk.dll File not found
SRV - (amdk77) -- %systemroot%\system32\mcmscsvc.dll File not found
SRV - (agnwifi) -- %systemroot%\system32\MaxtorFrontPanel1.dll File not found
SRV - (Akamai) -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (tpibpni) -- System32\drivers\qsvhiy.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (kgjupb) -- System32\drivers\cbgwr.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (MBB Incorporated)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.at
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.at
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.backup.ftp: "proxy.aon.at"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.aon.at"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.aon.at"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.aon.at"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "proxy.aon.at"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.aon.at"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.aon.at"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 14:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.16 11:30:48 | 000,000,000 | ---D | M]

[2009.06.23 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2012.10.25 16:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions
[2010.04.28 16:16:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.27 17:34:28 | 000,075,799 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2011.12.08 16:33:25 | 000,061,705 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zhqezvqk.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.01.18 13:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.18 13:53:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.06.27 17:33:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.07.19 14:06:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.20 13:19:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 13:19:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.20 13:19:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 13:19:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 13:19:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 13:19:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.15 13:12:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-823518204-113007714-1417001333-1003..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-823518204-113007714-1417001333-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-823518204-113007714-1417001333-1003..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnce: [Z1] C:\Dokumente und Einstellungen\***\Desktop\mbar\mbar.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4902E8F0-EFE8-4276-9B21-35F94F5CB11D}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.15 19:22:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1EBBE865-7D65-555F-4B99-B22FADC70946} - Themes Setup
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {37BAACB7-FC05-C4AE-1165-EFEB6208FBF3} - DirectAnimation
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3F000C1F-48AE-07CE-C824-2A117D711308} - Vektorgrafik-Rendering (VML)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {562ECBC7-DBFF-0056-FBD1-39A8B3C5BCC0} - Microsoft Windows Media Player 6.4
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A2A3A4A-4B82-5B5F-6AA9-FDE566A5CA94} - DirectAnimation
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DCCD5EE2-2355-F785-2AC1-351020CCA036} - Microsoft Windows Media Player 6.4
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FA59BA1D-5994-3527-9044-67C5905EBAD7} - Java (Sun)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: pdlndlpb - %systemroot%\system32\ifxtcs.dll File not found
NetSvcs: SlNtHal - %systemroot%\system32\mcods.dll File not found
NetSvcs: cltnetcnservice - %systemroot%\system32\WmXlCore.dll File not found
NetSvcs: BTSLBCSP - %systemroot%\system32\flpydisk.dll File not found
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\lpds.dll File not found
NetSvcs: uleadburninghelper - %systemroot%\system32\rnadiagreceiver.dll File not found
NetSvcs: w810bus - %systemroot%\system32\z525bus.dll File not found
NetSvcs: veteboot - File not found
NetSvcs: CVPNDRVA - %systemroot%\system32\BCMWLNPF.dll File not found
NetSvcs: agnwifi - %systemroot%\system32\MaxtorFrontPanel1.dll File not found
NetSvcs: amdk77 - %systemroot%\system32\mcmscsvc.dll File not found
NetSvcs: wuolservice - %systemroot%\system32\ntiopnp.dll File not found
NetSvcs: filterservice - %systemroot%\system32\omnidrv.dll File not found
NetSvcs: ltmodem5 - %systemroot%\system32\z800mgmt.dll File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Autodesk Content Service"
MsConfig - StartUpReg: EvtMgr6 - hkey= - key= - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()

SafeBootMin: 24582131.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: 24582131.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.15 14:53:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.11.15 12:23:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.11.15 12:18:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.11.15 12:18:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.11.15 12:18:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.11.15 12:18:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.11.15 12:18:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.15 12:18:14 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Videos
[2012.11.15 12:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.11.15 12:06:06 | 005,001,537 | R--- 
| C] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe [2012.11.15 11:03:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.15 10:13:42 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe [2012.11.15 09:59:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\***\Desktop\aswMBR.exe [2012.11.08 21:49:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.11.08 00:17:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\mbar [2012.10.28 22:34:46 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.10.25 23:08:04 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe [2012.10.25 22:52:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.10.24 01:45:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.15 15:35:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.11.15 15:18:45 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2012.11.15 15:16:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.15 15:15:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.15 14:52:21 | 012,961,620 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\mbar-1.01.0.1009.zip [2012.11.15 14:34:58 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.11.15 13:12:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.11.15 12:24:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini 
[2012.11.15 12:06:18 | 005,001,537 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe [2012.11.15 11:53:37 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MBR.dat [2012.11.15 10:13:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe [2012.11.15 09:59:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\***\Desktop\aswMBR.exe [2012.11.15 09:49:18 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2012.11.12 21:34:08 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\dvoum6yj.exe [2012.11.12 21:02:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.11.12 21:01:51 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2012.11.06 17:04:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.28 17:32:25 | 000,520,666 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 17:32:25 | 000,496,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 17:32:25 | 000,102,196 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 17:32:25 | 000,085,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.25 23:38:19 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.25 23:38:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.10.25 23:08:09 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe [2012.10.25 18:58:36 | 000,000,651 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No 
Company Name ========== [2012.11.15 15:18:45 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2012.11.15 14:52:05 | 012,961,620 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\mbar-1.01.0.1009.zip [2012.11.15 12:24:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.11.15 12:23:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.11.15 12:18:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.11.15 12:18:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.11.15 12:18:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.11.15 12:18:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.11.15 12:18:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.11.15 10:42:08 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MBR.dat [2012.11.12 21:34:08 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\dvoum6yj.exe [2012.11.12 21:02:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.11.12 20:43:35 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2012.10.25 23:04:59 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.02.16 11:33:17 | 000,001,563 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2012.02.01 14:54:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\1rcOE7.com.d [2012.01.26 15:26:51 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\075GMAU.dat [2011.09.16 20:56:17 | 000,694,334 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-113007714-1417001333-1003-0.dat [2011.09.15 18:18:05 | 000,326,842 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.09.15 17:41:53 | 000,000,143 | ---- | C] 
() -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc [2011.09.14 17:40:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2010.10.17 16:27:01 | 000,463,336 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.15 10:15:27 | 000,022,662 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Expert2.lst [2010.04.15 10:15:25 | 000,000,100 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Expert2.prf [2010.04.15 10:15:24 | 000,004,836 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Expert2.dic [2009.12.06 19:13:30 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2009.10.24 12:14:42 | 000,011,088 | ---- | C] () -- C:\Dokumente und Einstellungen\***\gsview32.ini [2009.06.20 18:21:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.gtkrc-2.0 [2009.06.16 19:42:11 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.15 22:49:00 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\***\default.pls ========== ZeroAccess Check ========== [2009.06.15 21:36:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.29 05:33:23 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.10.26 16:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ebner [2010.07.27 19:21:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EPSON [2010.07.05 13:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2009.08.22 10:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IrfanView [2009.07.01 18:17:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\4D [2011.09.15 17:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2009.10.28 08:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2012.06.16 15:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\inka software [2009.06.15 22:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2011.05.14 23:14:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at [2010.09.23 19:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ORCA AVA [2009.12.30 21:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.09.18 19:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.03.08 10:15:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.06.23 18:40:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011.05.14 23:12:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{92809A0D-A823-4253-90B2-7D5F59F20E10} [2009.07.01 14:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\.purple [2010.09.21 14:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.10.26 21:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Ebner [2009.10.07 12:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\EPSON [2012.10.25 22:52:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.purple [2011.09.15 17:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2009.09.01 09:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON [2012.02.16 10:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2012.06.16 15:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inka software [2011.08.07 17:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IrfanView [2010.04.30 21:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009.06.16 00:11:34 | 000,000,000 | ---D | M] -- C:\2d9aa55ec4af651be6574ed4e51f [2009.06.15 23:11:20 | 000,000,000 | ---D | M] -- C:\BentleyDownloads [2011.05.14 23:11:09 | 000,000,000 | ---D | M] -- C:\BlueByte [2012.11.15 12:24:02 | 000,000,000 | RHSD | M] -- C:\cmdcons [2010.04.22 21:37:01 | 000,000,000 | ---D | M] -- C:\COMTEST_V650 [2011.05.14 23:38:42 | 000,000,000 | ---D | M] -- C:\d3cebfd1d90a81316c8e7616 [2009.06.27 16:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009.09.01 08:54:53 | 000,000,000 | ---D | M] -- C:\EPSON [2009.06.15 22:04:47 | 000,000,000 | ---D | M] -- C:\JM [2009.06.16 13:04:37 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.10.28 22:34:46 | 000,000,000 | R--D | M] -- C:\Programme [2009.10.24 11:14:20 | 000,000,000 | ---D | M] -- C:\ProTeXt [2012.11.15 13:17:12 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.11.15 14:53:34 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.08.29 10:11:21 | 000,000,000 | ---D | M] -- C:\Sierra [2009.06.15 19:25:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.15 11:03:49 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2009.09.08 12:24:10 | 000,000,000 | ---D | M] -- C:\TEMP [2009.06.16 01:12:47 | 000,000,000 | ---D | M] -- C:\VGigant [2012.11.15 15:31:13 | 000,000,000 | ---D | M] -- C:\WINDOWS < %SYSTEMDRIVE%\*.* > [2009.06.15 21:50:35 | 000,001,024 | ---- | M] () -- C:\.rnd [2012.10.25 23:14:42 | 000,003,396 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012.10.28 22:21:59 | 000,000,829 | ---- | M] () -- C:\AdwCleaner[R2].txt [2012.10.25 23:15:40 | 000,003,298 | ---- | M] () -- C:\AdwCleaner[S1].txt [2012.10.28 22:22:24 | 000,000,890 | ---- | M] () -- C:\AdwCleaner[S3].txt [2012.11.15 14:35:42 | 000,001,038 | ---- | M] () -- C:\AdwCleaner[S4].txt [2009.06.15 19:22:06 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011.10.08 14:13:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012.11.15 12:24:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2008.04.14 04:00:00 | 
000,004,952 | RHS- | M] () -- C:\bootfont.bin [2010.04.22 21:37:41 | 000,032,768 | ---- | M] () -- C:\CCPERS_600.DAT [2004.08.03 23:00:10 | 000,262,448 | RHS- | M] () -- C:\cmldr [2012.11.15 13:17:11 | 000,016,957 | ---- | M] () -- C:\ComboFix.txt [2009.06.15 19:22:06 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010.07.27 18:37:42 | 000,000,000 | ---- | M] () -- C:\ctapi_out_gr.txt [2012.09.07 12:23:49 | 000,002,040 | ---- | M] () -- C:\fpRedmon.log [2009.06.15 19:22:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009.06.15 19:22:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008.04.14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008.04.14 04:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr [2012.11.15 15:15:46 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2009.06.15 22:01:38 | 000,000,440 | ---- | M] () -- C:\RHDSetup.log [2012.11.12 20:19:51 | 000,000,563 | ---- | M] () -- C:\rkill.log [2012.11.15 10:57:51 | 000,092,410 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_15.11.2012_10.44.25_log.txt [2012.11.15 11:04:06 | 000,098,262 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_15.11.2012_11.02.40_log.txt [2012.11.15 11:09:41 | 000,089,844 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_15.11.2012_11.07.08_log.txt [2012.11.15 11:54:39 | 000,089,852 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_15.11.2012_11.54.09_log.txt < %PROGRAMFILES%\*.exe > Invalid Environment Variable: PROGRAMFILES(X86) < %systemroot%\*. /mp /s > < %windir%\installer\*. /10 > < %appdata%\*. 
> [2012.10.25 22:52:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.purple [2010.03.17 20:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2009.06.15 23:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM [2009.09.19 22:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahead [2011.08.07 16:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer [2009.06.15 21:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI [2011.09.15 17:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2011.12.29 17:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss [2009.09.01 09:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON [2012.02.16 10:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2009.08.15 16:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hamachi [2010.05.16 22:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help [2009.06.15 19:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2012.06.16 15:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inka software [2011.08.07 17:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IrfanView [2010.04.30 21:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2010.04.30 21:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Logishrd [2010.04.30 21:49:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Logitech [2009.06.15 23:55:03 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2012.01.25 12:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2011.12.04 17:45:41 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft [2009.10.24 12:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MiKTeX [2009.06.23 19:16:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2012.11.09 00:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype [2012.01.18 13:52:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM [2009.06.27 21:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun [2009.06.27 13:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc [2009.07.05 23:57:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR < %appdata%\*.* > [2009.06.15 19:10:36 | 000,000,062 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\desktop.ini [2012.11.12 21:01:51 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd < %appdata%\*.exe /s > [2010.04.30 21:48:50 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2009.06.15 21:38:36 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe Invalid Environment Variable: localappdata Invalid Environment Variable: localappdata Invalid Environment Variable: localappdata < %allusersprofile%\*. 
> [2012.11.15 12:53:35 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten [2010.01.21 20:30:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.10.25 18:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Desktop [2010.04.30 21:47:33 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Dokumente [2009.06.15 22:16:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\DRM [2009.06.15 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Favoriten [2010.04.12 08:39:07 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü [2009.06.15 19:10:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Vorlagen < %allusersprofile%\*.* > < %allusersprofile%\*.exe /s > [2009.02.04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe [2010.09.16 12:22:58 | 002,829,688 | ---- | M] (A1 Telekom Austria AG ) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{92809A0D-A823-4253-90B2-7D5F59F20E10}\bob_internet.exe [2012.01.03 18:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-A95000000001}\Setup.exe [2010.09.18 19:01:48 | 000,073,000 | ---- | M] (Apple Inc.) 
-- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe [2012.10.25 18:55:45 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [2009.02.27 21:58:15 | 000,345,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe 9 Reader Installationsprogramme\Setup.exe [2009.10.28 08:11:08 | 000,000,673 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FreePDF\fpuCnfg.exe < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.11.2012 15:37:40 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1022,48 Mb Total Physical Memory | 528,30 Mb Available Physical Memory | 51,67% Memory free 2,40 Gb Paging File | 2,00 Gb Available in Paging File | 83,14% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 38,34 Gb Total Space | 2,14 Gb Free Space | 5,57% Space Free | Partition Type: NTFS Computer Name: HANS | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot "1927:TCP" = 1927:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Pidgin\pidgin.exe" = C:\Programme\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Microsoft Games\Age of Empires\Empires.exe" = C:\Programme\Microsoft Games\Age of 
Empires\Empires.exe:*:Enabled:Age of Empires -- (Microsoft Corporation) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.EXE" = C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation) "C:\Programme\Anno 1602\1602.exe" = C:\Programme\Anno 1602\1602.exe:*:Enabled:1602 "C:\Programme\ANNO 1602 Königs-Edition\1602.exe" = C:\Programme\ANNO 1602 Königs-Edition\1602.exe:*:Enabled:1602 -- (MAX DESIGN) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Skype\Plugin Manager\skypePM.exe" = C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Skype\Phone\Skype.exe" = C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition "{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service "{094074FD-1B13-7267-F786-51C9C6A76F3E}" = Catalyst Control Center Localization Polish "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A26C729-ECE1-F335-5E34-0C901BB8ADEF}" = ccc-core-preinstall "{12EE8B97-720F-1CC0-F57D-BC66C5A988D0}" = CCC Help Hungarian "{143405BB-F166-C828-BCAA-3E1A04D56C35}" = Catalyst Control Center Localization Danish "{1774ACC4-A333-EC5D-1C2D-3E4C2EF060C8}" = Catalyst Control Center Localization Hungarian "{17766AD8-856F-FDC6-38A2-C04232E5FD22}" = Catalyst Control Center Localization Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{21AF81F1-8D23-076A-313E-B0A0ADC7066C}" = Catalyst Control Center Localization French "{234E70A2-F1CD-A9DB-E122-7A089EADA315}" = Catalyst Control Center Localization Greek "{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung "{245BBD95-C8FA-DD66-5CD6-71F4C4F5552E}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{28F1E7CB-E1E2-DA3F-09B9-5F36592EF4CB}" = Catalyst Control Center Localization Turkish "{2C9083DF-AAEE-60A1-15C5-84299E4B51D1}" = CCC Help Russian "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes 
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3A6EBAE2-B82D-5DAD-064E-E3F99C0F2BAA}" = CCC Help Chinese Traditional "{3AFD3DA7-7223-5610-80FB-08C44561011E}" = CCC Help Czech "{3BAF32E0-7877-37E1-F53A-8482393AA897}" = Catalyst Control Center Localization Norwegian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles "{41D64F30-F585-433A-98F0-C06F3741511E}_is1" = Holiday Tycoon "{42E351BC-E7C2-583C-D782-2DE6DF53F9B6}" = Catalyst Control Center Localization Chinese Traditional "{45D9794C-2FE3-8180-2B1D-C0AD1926414B}" = CCC Help Dutch "{46BF5495-A17D-4413-B165-97B9AAECBA92}" = ccc-core-static "{4C5FFAA8-579C-4B5E-8718-23923BDA5518}" = Catalyst Control Center Localization Russian "{4EFD6836-FC72-B269-032F-C689B21B3C97}" = Catalyst Control Center Localization Spanish "{505FCE42-0DFF-128E-7270-7A524615B096}" = Catalyst Control Center Localization Finnish "{5475BD3C-A5D5-155B-C4C6-56228AC12A43}" = Catalyst Control Center Localization Italian "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-9001-0407-0002-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch "{5783F2D7-9001-0407-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch "{5783F2D7-A001-0407-0002-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch "{5783F2D7-A001-0407-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch "{58394C6E-1D18-6ADD-D916-3B0855D16DC5}" = CCC Help Norwegian "{5B64D674-D8D8-33A5-8728-8E527220F7C7}" = CCC Help Finnish "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{62FE8186-5A37-BC85-B271-DCB7A25BC33B}" = Catalyst Control Center Graphics Full Existing "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 
"{655DFA09-0631-D7D4-FE37-BDEFE2113D32}" = CCC Help Korean "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression "{6F6D972C-7D4E-49DF-8F6C-3B367FA9899A}" = VBA (2701.01) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7385EE94-C8DD-B2A5-6A43-C2A48EAB9A1C}" = CCC Help Chinese Standard "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{74C07829-4800-7CB5-DF82-8A8BE55F9091}" = CCC Help English "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81614DEF-C2B4-463A-8101-3DDDD3F8B812}_0" = Bentley MicroStation (V 08.05.02.70) - 1 "{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico "{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = DER ERSTE KAISER: Aufstieg des Reichs der Mitte "{82DA76D0-A964-B120-B3BF-26BD6FA38787}" = Catalyst Control Center Core Implementation "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{8BB5EA01-DDB9-CE5D-96BF-E6BE13DE1C97}" = CCC Help Turkish "{8C59329A-FE1B-D00B-3208-9624776754EB}" = ccc-utility "{8E72B982-D54F-486F-B35A-C24B6F171031}" = Nero 7 Essentials "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{8FBC47DC-8452-69AD-F042-8C7D0FA54DBA}" = CCC Help Japanese "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI 
(German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = 
Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = 
Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{93D98530-2627-3FAA-09BC-7C79462B34A0}" = Catalyst Control Center Localization Thai "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{96DF5EA9-C6FB-62F8-48E4-F03885892CA7}" = CCC Help Swedish "{99774D8C-CAD0-3646-5EF6-706421D9CFCC}" = Catalyst Control Center Localization German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5 "{9B49BE56-7934-166F-7AFD-A14E38EBF8ED}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A0582BFA-16B4-6573-38B0-29DD589FD43A}" = Catalyst Control Center Localization Korean "{A10DA03B-9048-48B4-00A2-A71153C3F886}" = Die Sims™ Tiergeschichten "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A99AE198-60A2-0744-F768-F700EFDA4D2D}" = Catalyst Control Center Localization Chinese Standard "{A9FF0492-05E5-F426-3104-3DDA813E2E23}" = Catalyst Control Center Graphics Previews Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype 
Click to Call "{B7374768-A9FD-CD71-B0C7-8ACEEB6F731B}" = Catalyst Control Center Localization Dutch "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C2ED3B35-5980-4496-B32B-1DE76D61DF63}" = STAN 2.0.1703 "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C5F2DBF1-6A08-39D2-9871-BF8F29F73C88}" = Skins "{C837CF12-C6A3-4318-B6F3-3A7FA6C2A07F}_is1" = Steig ein! 7.4 "{C849D7B5-DCE7-9080-687E-CF5D3D535190}" = CCC Help Thai "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CCE74E03-4C99-915C-931D-C7264BCA9DDB}" = CCC Help Spanish "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D28695F9-31CD-783C-6F29-065B8737F8CA}" = Catalyst Control Center Localization Czech "{D3A1CEC0-4D44-9ACA-A894-035269EE2C59}" = CCC Help Greek "{D63B08C9-50B9-D513-083C-BF9310149C35}" = Catalyst Control Center Graphics Full New "{D72384E0-9A6B-C04D-5AFA-E37C7472E6C0}" = Catalyst Control Center Localization Portuguese "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E0BC8EAB-5967-C231-80E0-A90AC551C604}" = Catalyst Control Center Localization Swedish "{E1929CF4-139E-B24F-42A2-BFE2DAB1F112}" = CCC Help Danish "{E48D3F6F-9765-D114-72A1-A9B4590F7443}" = CCC Help Italian "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012 
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{EBB19969-37BF-8449-A1ED-7E64ECBD6FBF}" = CCC Help Polish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4A6D232-D1C0-1167-B29A-CB0F7986D499}" = CCC Help Portuguese "{F95A9729-9678-3683-B3F2-FB706F7256C5}" = CCC Help German "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Empires" = Microsoft Age of Empires "Age of Empires 2.0" = Microsoft Age of Empires II "Akamai" = Akamai NetSession Interface Service "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2 "Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2 "Aspell Russian Dictionary_is1" = Aspell Russian Dictionary-0.50-2 "Aspell Spanish Dictionary_is1" = Aspell Spanish Dictionary-0.50-2 "ATI Display Driver" = ATI Display Driver "AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch "AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012 "bob internet" = bob internet "Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Photo Print" = EPSON Photo Print "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube Download_is1" = Free YouTube Download 2.9 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "FreePDF_XP" = FreePDF (Remove only) "GNU Aspell_is1" = GNU Aspell 0.50-3 "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "GSview 4.9" = GSview 
4.9 "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus "ie8" = Windows Internet Explorer 8 "Indeo® software" = Indeo® software "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Pidgin" = Pidgin "pidgin-otr" = pidgin-otr 3.2.0-1 "PRJPRO" = Microsoft Office Project Professional 2007 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "S4Uninst" = Die Siedler IV "Shockwave" = Shockwave "SP6" = Logitech SetPoint 6.0 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.9 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format Runtime "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.1.9 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zoo Tycoon 1.0" = Microsoft Zoo Tycoon ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-823518204-113007714-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ 
Application Events ] Error - 23.10.2012 20:19:20 | Computer Name = HANS | Source = Userenv | ID = 1007 Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen. (Der RPC-Server ist nicht verfügbar. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 29.10.2012 19:11:05 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 29.10.2012 19:12:48 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 29.10.2012 19:15:30 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 30.10.2012 11:08:36 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 06.11.2012 12:00:54 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 06.11.2012 12:01:01 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. 
Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 06.11.2012 12:01:13 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 06.11.2012 12:32:03 | Computer Name = HANS | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft Office 2000 Professional -- Fehler 1706. Es wurde keine gültige Quelle für das Produkt "Microsoft Office 2000 Professional" gefunden. Die Installation kann nicht fortgesetzt werden. Error - 13.11.2012 03:03:39 | Computer Name = HANS | Source = Userenv | ID = 1512 Description = Die Registrierungsdatei konnte nicht entladen werden. Der für die Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen. Wenden Sie sich an den Netzwerkadministrator, wenn das Problem weiterhin besteht. Details - Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen. [ OSession Events ] Error - 29.06.2009 16:31:41 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2955 seconds with 1920 seconds of active time. This session ended with a crash. Error - 29.06.2009 16:38:24 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 377 seconds with 240 seconds of active time. This session ended with a crash. Error - 09.10.2009 11:45:55 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 76 seconds with 60 seconds of active time. This session ended with a crash. Error - 13.12.2009 08:50:02 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13034 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.01.2012 23:39:26 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16080 seconds with 5760 seconds of active time. This session ended with a crash. Error - 15.01.2012 23:43:27 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 148 seconds with 60 seconds of active time. This session ended with a crash. Error - 15.01.2012 23:49:04 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 243 seconds with 120 seconds of active time. This session ended with a crash. 
Error - 16.01.2012 00:24:50 | Computer Name = HANS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1800 seconds with 1260 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.11.2012 10:16:00 | Computer Name = HANS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "CA561" wurde mit folgendem Fehler beendet: %%126 Error - 15.11.2012 10:32:01 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 15.11.2012 10:32:01 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 15.11.2012 10:32:01 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. 
Error - 15.11.2012 10:32:01 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 15.11.2012 10:35:16 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 15.11.2012 10:35:16 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 15.11.2012 10:37:32 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. 
Error - 15.11.2012 10:37:32 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 15.11.2012 10:37:32 | Computer Name = HANS | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. < End of report > |
15.11.2012, 16:00 | #12 |
| Malwarebytes finds rootkit / redirect from Google to fresh-weather / Adobe Flash Update So, the DDS scan is done. Here is DDS.txt: Code:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_14
Run by *** at 15:52:37 on 2012-11-15
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1022.466 [GMT 1:00]
.
FW: ActiveArmor Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.at/
uProxyOverride = 127.0.0.1:9421
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programme\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [LightScribe Control Panel] c:\programme\gemeinsame dateien\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programme\gemeinsame dateien\ahead\lib\NMBgMonitor.exe"
uRun: [Akamai NetSession Interface] "c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\akamai\netsession_win.exe"
mRun: [StartCCC] "c:\programme\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [nTrayFw] c:\programme\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [NeroFilterCheck] c:\programme\gemeinsame dateien\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\programme\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\programme\nero\nero 7\incd\InCD.exe
mRun: [GrooveMonitor] "c:\programme\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [FreePDF Assistant] c:\programme\freepdf_xp\fpassist.exe
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRunOnce: [Z1] c:\dokumente und einstellungen\***\desktop\mbar\mbar.exe /cleanup /s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office\OSA9.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\realte~1.lnk - c:\programme\realtek\11n usb wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programme\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{4902E8F0-EFE8-4276-9B21-35F94F5CB11D} : NameServer = 195.3.96.67,195.3.96.68
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programme\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programme\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programme\gemeinsame dateien\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\zhqezvqk.default\
FF - prefs.js: network.proxy.ftp - proxy.aon.at
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.aon.at
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.aon.at
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.aon.at
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll
FF - ExtSQL: !HIDDEN! 2009-12-03 11:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-15 35144]
S0 kgjupb;kgjupb;c:\windows\system32\drivers\cbgwr.sys --> c:\windows\system32\drivers\cbgwr.sys [?]
S0 tpibpni;tpibpni;c:\windows\system32\drivers\qsvhiy.sys --> c:\windows\system32\drivers\qsvhiy.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-14 9216]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-9-14 602912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Autodesk Content Service;Autodesk Content Service;c:\programme\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-15 14:18:45   35144     ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2012-11-15 11:23:58   --------  d-sha-r-   C:\cmdcons
2012-11-15 11:18:31   98816     ----a-w-   c:\windows\sed.exe
2012-11-15 11:18:31   256000    ----a-w-   c:\windows\PEV.exe
2012-11-15 11:18:31   208896    ----a-w-   c:\windows\MBR.exe
2012-11-15 10:03:49   --------  d-----w-   C:\TDSSKiller_Quarantine
2012-10-28 21:34:46   --------  d-----w-   c:\programme\ESET
.
==================== Find3M ====================
.
2012-11-15 10:05:29   456320    ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2012-09-29 17:54:26   22856     ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:52:51,68 ===============
|
15.11.2012, 16:04 | #13 |
/// TB trainer | Now I have everything I need for the final blow: ComboFix script
__________________ Digital privateers against malware! No help via PM! |
15.11.2012, 16:07 | #14 |
| "Final blow" sounds good. Before I do that, I am also posting Attach.txt, this time as a zipped attachment, because otherwise the maximum character count would be exceeded. |
15.11.2012, 16:25 | #15 |
| Unfortunately, ComboFix apparently did not work as expected. Some time after it started, ComboFix said that a restart was now required. After the restart, ComboFix immediately started working again, but after a short while there was another restart. After that, ComboFix did not continue. No log was created either. Should I repeat the same step? |