Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   MBRoot? gmer (im safety mode) und aswMBR schlagen alarm (https://www.trojaner-board.de/106066-mbroot-gmer-safety-mode-aswmbr-schlagen-alarm.html)

hanspans 10.12.2011 15:53
MBRoot? gmer (im safety mode) und aswMBR schlagen alarm
 
Hallo,

ich fang mal vorne an:
vor ner weile ist mein rechner zeitweise merkwürdig langsam geworden. ein scan mit avira endete mit dem hinweis auf einen "versteckten treiber" bzw "Speicherveränderung" (keine alcohol-treiber oderso, bleibt auch nach disable mit defogger) hab dann malwarebytes laufen lassen, was ein paar trojanerreste gefunden hat (ich glaube nicht, das die was mit dem problem zu tun hatten, kann aber auch mehr dazu berichten). rootrepeal schließlich meldete ein rootkit.
gmer verhält sich etwas merkwürdig: beim ersten scan meldetet es einen rootkit-fund, seit dem nicht mehr, es sei denn ich scanne im abgesicherten modus. ich hänge mal beides ran. aswMBR meldet ebenfalls ein rootkit.
OTL liefert mir keine extra.txt, nur die OTL.txt

Hoffe ihr könnt mir helfen.

Hier die OTL, der Rest als Anhang

OTL logfile created on: 10.12.2011 14:11:04 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\***\Desktop\anti
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,69% Memory free
3,85 Gb Paging File | 3,37 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 43,60 Gb Free Space | 9,36% Space Free | Partition Type: NTFS

Computer Name: SMN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.22 12:57:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\anti\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.03.11 15:17:30 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\ib\olycamdetect.exe
PRC - [2010.04.05 23:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2009.07.20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.07.14 12:45:16 | 000,336,384 | ---- | M] (Portrait Displays, Inc) -- C:\Programme\Portrait Displays\HP My Display\dthtml.exe
PRC - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008.07.14 12:42:56 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007.02.09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.17 23:05:27 | 000,005,376 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll
MOD - [2011.10.13 02:11:08 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011.10.13 02:11:02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011.10.13 02:10:46 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.13 02:10:17 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011.10.13 02:08:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.13 02:08:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.13 02:08:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.13 02:07:46 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.13 02:07:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.08.09 20:50:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.08.09 20:49:56 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.05.30 21:07:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3776.37421__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.05.30 21:07:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.05.30 21:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3776.37530__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010.05.30 21:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3776.37527__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010.05.30 21:07:26 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3776.37425__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2010.05.30 21:07:26 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3776.37478__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3776.37403__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3776.37494__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3776.37427__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3776.37465__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3776.37451__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2010.05.30 21:07:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2010.05.30 21:07:25 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3776.37512__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3776.37426__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3776.37426__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:25 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:25 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3776.37553__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:24 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3776.37471__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3776.37472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:23 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3776.37525__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:23 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3776.37524__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:22 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3776.37455__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3776.37481__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3776.37416__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll
MOD - [2010.05.30 21:07:22 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3776.37428__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:22 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3776.37454__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll
MOD - [2010.05.30 21:07:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll
MOD - [2010.05.30 21:07:21 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3776.37491__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3776.37467__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3776.37429__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll
MOD - [2010.05.30 21:07:21 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3776.37448__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3776.37432__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll
MOD - [2010.05.30 21:07:21 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3776.37462__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:20 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.05.30 21:07:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3776.37392__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3776.37509__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3776.37518__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3776.37402__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.05.30 21:07:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3776.37390__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.05.30 21:07:19 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3776.37392__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.05.30 21:07:19 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3776.37395__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.05.30 21:07:18 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3776.37395__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3776.37391__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.05.30 21:07:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.05.30 21:07:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3776.37504__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.05.30 21:07:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.05.30 21:07:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3776.37394__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3776.37420__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3776.37511__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3776.37401__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.05.30 21:07:18 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3776.37396__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3776.37444__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3776.37523__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3776.37510__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3776.37459__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l
MOD - [2010.05.30 21:07:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3776.37425__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3776.37402__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2010.05.30 21:07:16 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3776.37546__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll
MOD - [2010.05.30 21:07:16 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3776.37519__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.05.30 21:07:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3776.37464__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l
MOD - [2010.05.30 21:07:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3776.37393__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.05.30 21:07:16 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.05.30 21:07:15 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3776.37505__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.05.30 21:07:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3776.37502__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.05.30 21:07:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3776.37396__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3776.37394__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3776.37395__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.05.30 21:07:15 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.05.30 21:07:15 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3776.37419__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.05.30 21:07:15 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3776.37400__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3776.37398__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.05.30 21:07:14 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3776.37499__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.05.30 21:07:14 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3776.37420__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.05.30 21:07:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3776.37400__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.05.30 21:07:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3776.37401__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.05.30 21:07:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3776.37397__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.05.30 21:07:14 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3776.37407__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.05.30 21:07:13 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3776.37409__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.05.30 21:07:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3776.37399__90ba9c70f846762e\APM.Server.dll
MOD - [2010.05.30 21:07:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3776.37398__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.05.30 21:07:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3776.37406__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.05.30 21:07:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.05.30 21:07:13 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3776.37504__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.05.30 21:07:13 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3776.37425__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.04.16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.07.20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.10.28 00:46:32 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2924.20913__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashbo ard.dll
MOD - [2008.07.14 12:43:12 | 000,151,552 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DThook.dll
MOD - [2008.07.14 12:43:06 | 000,077,824 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008.07.14 12:42:50 | 000,102,400 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007.10.04 12:37:40 | 000,196,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\di2c.dll
MOD - [2007.02.09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007.02.09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007.02.09 11:16:08 | 000,245,760 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2006.03.09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.31 04:41:36 | 000,243,712 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2011.07.31 03:27:36 | 001,037,824 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\GSService.exe -- (GSService)
SRV - [2010.04.05 23:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.28 22:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.10.28 22:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.10.28 22:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.10.02 17:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.01 05:13:24 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio)
DRV - [2011.02.22 01:00:52 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2011.02.22 01:00:39 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.02.22 01:00:39 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.02.16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.08.25 18:39:02 | 000,013,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\prwntdrv.sys -- (prwntdrv)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.07 03:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.10.29 22:33:02 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2008.10.28 22:01:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2008.10.28 22:01:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.10.28 22:01:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.10.28 22:01:30 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.10.28 22:01:28 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.10.28 22:01:20 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2008.10.28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.10.28 16:03:28 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.10.02 17:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.08.06 14:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007.07.17 17:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.06.24 20:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.05.10 11:28:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.14 09:28:00 | 000,094,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.04.03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.02.09 11:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 11:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006.12.28 04:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006.11.16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.02 17:24:30 | 000,133,504 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AF05BDA.sys -- (AF05BDA)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001.08.17 13:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.13 15:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.05 09:50:39 | 000,000,000 | ---D | M]

[2010.04.17 07:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.11.10 15:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions
[2011.05.16 00:17:37 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011.11.10 15:22:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.08 18:51:12 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010.03.05 13:35:25 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\bing.xml
[2009.02.11 00:49:44 | 000,002,298 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\lastfm.xml
[2008.10.29 18:08:15 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\leo-deu-eng.xml
[2011.07.18 21:46:39 | 000,001,729 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\linguee-de-en.xml
[2011.01.23 23:36:02 | 000,008,037 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\mobygames.xml
[2011.11.10 14:22:30 | 000,001,242 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\plattentestsde-all.xml
[2008.10.30 15:57:18 | 000,002,006 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\urban-dictionary.xml
[2008.10.29 18:08:43 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\wikipedia-en.xml
[2009.01.07 21:56:44 | 000,001,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\wiktionary-de.xml
[2008.10.29 21:04:22 | 000,002,108 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\youtube-video-search.xml
[2011.11.17 00:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.22 21:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.27 06:45:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.17 00:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{C6FB3A99-0BF0-4AB3-9B5B-9FE631D6CDE3}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\TILEVIEW@DW-DEV.XPI
[2011.08.31 12:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.13 15:28:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.13 15:28:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 15:28:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.13 15:28:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 15:28:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.13 15:28:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.13 15:28:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.09.16 14:13:10 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Programme\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Olympus ib] C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PivotSoftware] C:\Programme\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AeroSnap] C:\Programme\AeroSnap\AeroSnap.exe File not found
O4 - HKCU..\Run: [Olympus ib] C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\MelodyCan\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\MelodyCan\YouTubeRipper.dll ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225197402253 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225197551362 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.28 00:06:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "VMware NAT Service"
MsConfig - Services: "VMnetDHCP"
MsConfig - Services: "VMAuthdService"
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CamserviceDeluxe2 - hkey= - key= - C:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.22 15:36:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\anti
[2011.11.20 15:03:03 | 000,472,064 | ---- | C] ( ) -- C:\Programme\RootRepeal.exe
[2011.11.20 11:47:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.11.20 11:47:00 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.11.20 11:47:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.11.18 12:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.11.18 12:45:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.11.18 12:45:55 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2011.11.17 22:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.11.17 22:10:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.17 22:10:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.17 22:10:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.17 19:47:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\backups - abgleichen
[2011.11.17 00:36:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.11.15 19:04:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Videos
[2009.09.20 23:07:41 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009.09.20 23:07:41 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009.03.10 13:10:08 | 000,012,048 | ---- | C] (Microsoft Corporation) -- C:\Programme\cpugrab.exe
[2009.02.12 13:49:14 | 000,237,568 | ---- | C] (Derrow/Decision Development) -- C:\Programme\VobEdit.exe
[2009.02.12 06:10:03 | 001,208,320 | ---- | C] (Derrow/Decision Development) -- C:\Programme\IfoEdit.exe
[82 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[77 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.10 13:41:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.10 13:41:12 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.09 13:09:21 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011.12.09 13:00:10 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.01 17:42:16 | 000,120,320 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.22 15:37:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.11.22 12:23:36 | 000,000,555 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit RootRepeal.exe.lnk
[2011.11.22 12:23:30 | 000,000,545 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit quph0wdv.exe.lnk
[2011.11.20 16:16:37 | 000,302,592 | ---- | M] () -- C:\Programme\quph0wdv.exe
[2011.11.20 15:03:13 | 000,000,000 | ---- | M] () -- C:\Programme\settings.dat
[2011.11.20 11:47:05 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Spybot - Search & Destroy.lnk
[2011.11.18 14:42:38 | 000,010,498 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_17.11.2011_06-22drv.spi
[2011.11.18 01:00:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.17 23:05:27 | 000,005,376 | ---- | M] () -- C:\WINDOWS\System32\antiwpa.dll
[2011.11.17 22:10:38 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.17 19:56:18 | 000,000,215 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss
[2011.11.17 19:55:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[82 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[77 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.10 13:41:12 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.22 15:37:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.11.22 12:23:36 | 000,000,555 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit RootRepeal.exe.lnk
[2011.11.22 12:23:30 | 000,000,545 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit quph0wdv.exe.lnk
[2011.11.20 16:51:35 | 000,302,592 | ---- | C] () -- C:\Programme\quph0wdv.exe
[2011.11.20 15:03:13 | 000,000,000 | ---- | C] () -- C:\Programme\settings.dat
[2011.11.20 11:47:05 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Spybot - Search & Destroy.lnk
[2011.11.18 13:36:23 | 000,010,498 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_17.11.2011_06-22drv.spi
[2011.11.17 23:05:27 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2011.11.17 22:10:38 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 19:25:54 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2011.09.04 02:15:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011.09.04 02:15:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011.08.09 19:16:10 | 001,037,824 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2011.05.27 14:30:44 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Checksum.ini
[2011.05.24 13:53:30 | 000,098,696 | ---- | C] () -- C:\WINDOWS\System32\setupprwdrv03.exe
[2011.05.24 13:53:30 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys
[2011.05.03 16:09:22 | 000,029,346 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2011.04.09 18:00:43 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011.02.20 21:02:27 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2011.02.20 21:02:26 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2011.02.16 07:55:08 | 000,015,838 | ---- | C] () -- C:\WINDOWS\System32\win32wnd09.dll
[2011.02.16 07:55:08 | 000,010,118 | ---- | C] () -- C:\WINDOWS\System32\cfgjvjpu09.dll
[2010.06.01 21:44:11 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010.06.01 21:33:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.06.01 21:33:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.06.01 21:33:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.13 13:18:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.05.13 13:18:34 | 000,202,234 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.05.13 13:18:34 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.03.10 19:04:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\downloads.m3u
[2009.12.08 10:06:55 | 002,828,156 | ---- | C] () -- C:\Programme\u
[2009.12.03 16:51:28 | 000,000,020 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009.09.24 16:53:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009.09.20 23:07:41 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009.09.20 23:06:51 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2009.08.20 11:54:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.07.09 07:51:40 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\setup_ldm.iss
[2009.05.05 18:50:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2009.03.30 09:08:17 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009.03.10 02:52:01 | 000,143,872 | R--- | C] () -- C:\Programme\SlowDown.exe
[2009.03.07 14:32:01 | 000,000,215 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss
[2009.02.12 13:54:31 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2009.02.12 06:09:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009.02.12 05:31:29 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.02.03 00:21:16 | 000,313,344 | ---- | C] () -- C:\Programme\hjsplit.exe
[2009.01.23 15:50:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.01.05 21:01:16 | 1150,156,800 | ---- | C] () -- C:\Programme\msoffice_2007_se_frost-rl.iso
[2008.11.18 00:19:21 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.11.18 00:19:19 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.11.18 00:19:19 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.18 00:19:19 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.18 00:19:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.13 20:59:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.11.12 16:37:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008.11.12 16:36:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.11.04 23:25:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2008.11.04 23:24:43 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.10.29 21:22:44 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.10.28 14:46:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.28 14:46:03 | 000,120,320 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.28 13:34:29 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.10.28 13:33:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.10.28 00:57:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.28 00:56:10 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.10.28 00:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.10.28 00:35:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.10.28 00:12:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.10.28 00:04:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.08.21 10:51:16 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007.08.21 08:36:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2001.10.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.02 14:00:00 | 000,455,018 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.10.02 14:00:00 | 000,438,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.10.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.02 14:00:00 | 000,082,740 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.10.02 14:00:00 | 000,069,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.10.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.10.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009.01.19 21:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2011.09.01 22:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.09.16 14:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2011.03.02 11:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2008.12.04 22:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2011.11.18 12:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2009.01.09 01:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.05.25 20:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.02.22 01:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft
[2010.02.27 01:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AeroSnapApp
[2011.02.16 00:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AtomZombieDemoData
[2009.10.23 15:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bioshock
[2011.03.02 18:33:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Braid
[2008.10.28 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Broken Sword 2.5
[2011.05.25 13:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ChemAxon
[2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2011.09.01 23:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Pro
[2010.06.01 21:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DisplayTune
[2011.08.09 20:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft
[2011.08.09 20:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.08.05 12:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\foobar2000
[2011.08.06 01:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Free Download Manager
[2011.06.14 19:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro
[2010.11.25 16:52:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2011.06.14 23:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hensense.com
[2011.03.23 20:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.11.05 00:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IsolatedStorage
[2008.10.28 01:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.04.11 07:57:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MusicBee
[2009.04.22 10:38:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer
[2011.06.14 23:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit
[2011.06.14 19:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ProgSense
[2011.05.24 16:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\R-TT
[2011.04.01 12:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symyx
[2009.01.09 01:59:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2011.08.05 01:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VMLoad

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.01.12 23:53:01 | 000,000,000 | ---D | M] -- C:\alter kram
[2010.05.13 14:06:10 | 000,000,000 | ---D | M] -- C:\ATI
[2011.10.14 11:52:05 | 000,000,000 | ---D | M] -- C:\backups
[2011.11.17 00:36:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008.10.28 00:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.11.18 15:41:55 | 000,000,000 | R--D | M] -- C:\downloads
[2011.11.04 20:57:21 | 000,000,000 | R--D | M] -- C:\Filme
[2011.11.03 17:47:36 | 000,000,000 | R--D | M] -- C:\Fotos
[2010.08.30 22:44:53 | 000,000,000 | ---D | M] -- C:\***
[2009.01.05 21:13:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.08 07:04:03 | 000,000,000 | R--D | M] -- C:\Musik
[2011.08.31 18:30:38 | 000,000,000 | ---D | M] -- C:\Musik 2
[2009.01.23 15:50:54 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.20 16:51:35 | 000,000,000 | R--D | M] -- C:\Programme
[2008.10.28 13:50:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.10.20 20:52:12 | 000,000,000 | ---D | M] -- C:\spiele
[2011.06.01 21:17:11 | 000,000,000 | ---D | M] -- C:\Stick
[2008.10.28 13:17:29 | 000,000,000 | ---D | M] -- C:\Swsetup
[2011.11.22 15:53:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.04.19 10:30:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.10.13 12:40:41 | 000,000,000 | ---D | M] -- C:\UNI
[2011.06.07 21:12:14 | 000,000,000 | ---D | M] -- C:\w a
[2011.11.18 22:07:13 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
[1998.04.08 16:20:34 | 000,012,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\cpugrab.exe
[2007.02.01 18:02:54 | 000,313,344 | ---- | M] () -- C:\Programme\hjsplit.exe
[2004.11.28 20:33:44 | 001,208,320 | ---- | M] (Derrow/Decision Development) -- C:\Programme\IfoEdit.exe
[2011.11.20 16:16:37 | 000,302,592 | ---- | M] () -- C:\Programme\quph0wdv.exe
[2009.08.13 11:14:17 | 000,472,064 | ---- | M] ( ) -- C:\Programme\RootRepeal.exe
[1997.10.16 15:25:20 | 000,143,872 | R--- | M] () -- C:\Programme\SlowDown.exe
[2002.11.06 20:42:38 | 000,237,568 | ---- | M] (Derrow/Decision Development) -- C:\Programme\VobEdit.exe

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2001.10.02 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: REGEDIT.EXE >
[2001.10.02 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2001.10.02 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2001.10.02 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 15:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-13 21:55:40

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA

< End of report >

hanspans 10.12.2011 17:33
argh, classic fail. der anhang.

cosinus 16.12.2011 14:22
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


hanspans 22.12.2011 13:23
Hallo,

hier sind die angeforderten Logs. Danke schonmal soweit.

cosinus 22.12.2011 18:01
Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

hanspans 22.12.2011 18:37
OTL Logfile:
Code:
OTL logfile created on: 22.12.2011 18:16:21 - Run 6
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\***\Desktop\anti
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,23% Memory free
3,85 Gb Paging File | 3,27 Gb Available in Paging File | 85,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 40,21 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
 
Computer Name: SMN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.22 12:57:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\anti\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.03.11 15:17:30 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\ib\olycamdetect.exe
PRC - [2010.04.05 23:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2009.07.20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.07.14 12:45:16 | 000,336,384 | ---- | M] (Portrait Displays, Inc) -- C:\Programme\Portrait Displays\HP My Display\dthtml.exe
PRC - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008.07.14 12:42:56 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007.02.09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.17 23:05:27 | 000,005,376 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll
MOD - [2011.10.13 02:11:08 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011.10.13 02:11:02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011.10.13 02:10:46 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.13 02:10:17 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011.10.13 02:08:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.13 02:08:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.13 02:08:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.13 02:07:46 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.13 02:07:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.08.09 20:50:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.08.09 20:49:56 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.05.30 21:07:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3776.37421__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.05.30 21:07:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.05.30 21:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3776.37530__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010.05.30 21:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3776.37527__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010.05.30 21:07:26 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3776.37425__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3776.37478__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3776.37403__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3776.37494__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3776.37427__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3776.37465__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3776.37451__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:25 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3776.37512__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3776.37426__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3776.37426__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:25 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:25 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3776.37553__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:24 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3776.37471__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3776.37472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:23 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3776.37525__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:23 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3776.37524__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:22 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3776.37455__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3776.37481__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.05.30 21:07:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3776.37416__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:22 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3776.37428__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:22 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3776.37454__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:21 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3776.37491__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3776.37467__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3776.37429__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3776.37448__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3776.37432__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:21 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3776.37462__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:20 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.05.30 21:07:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.05.30 21:07:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.05.30 21:07:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3776.37392__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3776.37509__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3776.37518__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3776.37402__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.05.30 21:07:20 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.05.30 21:07:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3776.37390__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.05.30 21:07:19 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3776.37392__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.05.30 21:07:19 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3776.37395__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.05.30 21:07:18 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3776.37395__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3776.37391__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.05.30 21:07:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.05.30 21:07:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3776.37504__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.05.30 21:07:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.05.30 21:07:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3776.37394__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3776.37420__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3776.37511__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.05.30 21:07:18 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3776.37401__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.05.30 21:07:18 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3776.37396__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3776.37444__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3776.37523__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3776.37510__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3776.37459__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3776.37425__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.05.30 21:07:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3776.37402__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3776.37546__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.05.30 21:07:16 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3776.37519__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.05.30 21:07:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3776.37464__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.05.30 21:07:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3776.37393__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.05.30 21:07:16 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.05.30 21:07:15 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3776.37505__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.05.30 21:07:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3776.37502__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.05.30 21:07:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3776.37396__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3776.37394__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3776.37395__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.05.30 21:07:15 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.05.30 21:07:15 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3776.37419__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.05.30 21:07:15 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3776.37400__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.05.30 21:07:15 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3776.37398__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.05.30 21:07:14 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3776.37499__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.05.30 21:07:14 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3776.37420__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.05.30 21:07:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3776.37400__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.05.30 21:07:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3776.37401__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.05.30 21:07:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3776.37397__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.05.30 21:07:14 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3776.37407__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.05.30 21:07:13 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3776.37409__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.05.30 21:07:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3776.37399__90ba9c70f846762e\APM.Server.dll
MOD - [2010.05.30 21:07:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3776.37398__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.05.30 21:07:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3776.37406__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.05.30 21:07:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.05.30 21:07:13 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3776.37504__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.05.30 21:07:13 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3776.37425__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.04.16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.07.20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.10.28 00:46:32 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2924.20913__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.dll
MOD - [2008.07.14 12:43:12 | 000,151,552 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DThook.dll
MOD - [2008.07.14 12:43:06 | 000,077,824 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008.07.14 12:42:50 | 000,102,400 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007.10.04 12:37:40 | 000,196,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\di2c.dll
MOD - [2007.02.09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007.02.09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007.02.09 11:16:08 | 000,245,760 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Winphook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.31 04:41:36 | 000,243,712 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2011.07.31 03:27:36 | 001,037,824 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\GSService.exe -- (GSService)
SRV - [2010.04.05 23:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.28 22:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.10.28 22:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.10.28 22:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.10.02 17:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.07.14 12:43:04 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.12.10 15:27:04 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.01 05:13:24 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio)
DRV - [2011.02.22 01:00:52 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2011.02.22 01:00:39 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.02.22 01:00:39 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.02.16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.08.25 18:39:02 | 000,013,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\prwntdrv.sys -- (prwntdrv)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.07 03:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.10.29 22:33:02 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2008.10.28 22:01:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2008.10.28 22:01:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.10.28 22:01:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.10.28 22:01:30 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.10.28 22:01:28 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.10.28 22:01:20 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2008.10.28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.10.28 16:03:28 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.10.02 17:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.08.06 14:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007.07.17 17:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.06.24 20:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.05.10 11:28:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.14 09:28:00 | 000,094,592 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.04.03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.02.09 11:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 11:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006.12.28 04:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006.11.16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.02 17:24:30 | 000,133,504 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AF05BDA.sys -- (AF05BDA)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001.08.17 13:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.13 15:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.05 09:50:39 | 000,000,000 | ---D | M]
 
[2010.04.17 07:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.12.22 06:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions
[2011.05.16 00:17:37 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011.11.10 15:22:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.08 18:51:12 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010.03.05 13:35:25 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\bing.xml
[2009.02.11 00:49:44 | 000,002,298 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\lastfm.xml
[2008.10.29 18:08:15 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\leo-deu-eng.xml
[2011.07.18 21:46:39 | 000,001,729 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\linguee-de-en.xml
[2011.01.23 23:36:02 | 000,008,037 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\mobygames.xml
[2011.12.21 21:26:37 | 000,001,242 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\plattentestsde-all.xml
[2008.10.30 15:57:18 | 000,002,006 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\urban-dictionary.xml
[2008.10.29 18:08:43 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\wikipedia-en.xml
[2009.01.07 21:56:44 | 000,001,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\wiktionary-de.xml
[2008.10.29 21:04:22 | 000,002,108 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\searchplugins\youtube-video-search.xml
[2011.11.17 00:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.22 21:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.27 06:45:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.17 00:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{C6FB3A99-0BF0-4AB3-9B5B-9FE631D6CDE3}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TDE1CIQ2.DEFAULT\EXTENSIONS\TILEVIEW@DW-DEV.XPI
[2011.08.31 12:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.13 15:28:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.13 15:28:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 15:28:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.13 15:28:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 15:28:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.13 15:28:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.13 15:28:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.16 14:13:10 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        localhost
O1 - Hosts: ::1                        localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Programme\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Olympus ib] C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PivotSoftware] C:\Programme\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AeroSnap] C:\Programme\AeroSnap\AeroSnap.exe File not found
O4 - HKCU..\Run: [Olympus ib] C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\MelodyCan\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\MelodyCan\YouTubeRipper.dll ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225197402253 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225197551362 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133A85F3-90C1-470B-926E-F570BCC95CA7}: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.28 00:06:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "VMware NAT Service"
MsConfig - Services: "VMnetDHCP"
MsConfig - Services: "VMAuthdService"
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CamserviceDeluxe2 - hkey= - key= - C:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= -  File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - C:\WINDOWS\system32\prwntdrv.sys ()
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - C:\WINDOWS\system32\prwntdrv.sys ()
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.DLL (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.22 13:26:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.12.22 07:01:57 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.22 07:00:29 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2011.11.20 15:03:03 | 000,472,064 | ---- | C] ( ) -- C:\Programme\RootRepeal.exe
[2009.09.20 23:07:41 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009.09.20 23:07:41 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009.03.10 13:10:08 | 000,012,048 | ---- | C] (Microsoft Corporation) -- C:\Programme\cpugrab.exe
[2009.02.12 13:49:14 | 000,237,568 | ---- | C] (Derrow/Decision Development) -- C:\Programme\VobEdit.exe
[2009.02.12 06:10:03 | 001,208,320 | ---- | C] (Derrow/Decision Development) -- C:\Programme\IfoEdit.exe
[82 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[77 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.22 13:08:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.22 13:08:25 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.22 11:11:08 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011.12.22 07:00:30 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.21 22:37:27 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.12.21 20:45:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.10 15:27:04 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.01 17:42:16 | 000,120,320 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[82 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[77 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.21 22:37:27 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.12.10 13:41:12 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.20 16:51:35 | 000,302,592 | ---- | C] () -- C:\Programme\quph0wdv.exe
[2011.11.20 15:03:13 | 000,000,000 | ---- | C] () -- C:\Programme\settings.dat
[2011.11.17 23:05:27 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2011.10.17 19:25:54 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2011.09.04 02:15:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011.09.04 02:15:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011.08.09 19:16:10 | 001,037,824 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2011.05.27 14:30:44 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Checksum.ini
[2011.05.24 13:53:30 | 000,098,696 | ---- | C] () -- C:\WINDOWS\System32\setupprwdrv03.exe
[2011.05.24 13:53:30 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys
[2011.05.03 16:09:22 | 000,029,346 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2011.04.09 18:00:43 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011.02.20 21:02:27 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2011.02.20 21:02:26 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2011.02.16 07:55:08 | 000,015,838 | ---- | C] () -- C:\WINDOWS\System32\win32wnd09.dll
[2011.02.16 07:55:08 | 000,010,118 | ---- | C] () -- C:\WINDOWS\System32\cfgjvjpu09.dll
[2010.06.01 21:44:11 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010.06.01 21:33:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.06.01 21:33:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.06.01 21:33:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.13 13:18:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.05.13 13:18:34 | 000,202,234 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.05.13 13:18:34 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.03.10 19:04:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\downloads.m3u
[2009.12.08 10:06:55 | 002,828,156 | ---- | C] () -- C:\Programme\u
[2009.12.03 16:51:28 | 000,000,020 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009.09.24 16:53:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009.09.20 23:07:41 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009.09.20 23:06:51 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2009.08.20 11:54:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.07.09 07:51:40 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\setup_ldm.iss
[2009.05.05 18:50:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2009.03.30 09:08:17 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009.03.10 02:52:01 | 000,143,872 | R--- | C] () -- C:\Programme\SlowDown.exe
[2009.03.07 14:32:01 | 000,000,215 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss
[2009.02.12 13:54:31 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2009.02.12 06:09:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009.02.12 05:31:29 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.02.03 00:21:16 | 000,313,344 | ---- | C] () -- C:\Programme\hjsplit.exe
[2009.01.23 15:50:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.01.05 21:01:16 | 1150,156,800 | ---- | C] () -- C:\Programme\msoffice_2007_se_frost-rl.iso
[2008.11.18 00:19:21 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.11.18 00:19:19 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.11.18 00:19:19 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.18 00:19:19 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.18 00:19:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.13 20:59:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.11.12 16:37:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008.11.12 16:36:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.11.04 23:25:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2008.11.04 23:24:43 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.10.29 21:22:44 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.10.28 14:46:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.28 14:46:03 | 000,120,320 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.28 13:34:29 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.10.28 13:33:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.10.28 00:57:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.28 00:56:10 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.10.28 00:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.10.28 00:35:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.10.28 00:12:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.10.28 00:04:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.08.21 10:51:16 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007.08.21 08:36:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2001.10.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.02 14:00:00 | 000,455,018 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.10.02 14:00:00 | 000,438,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.10.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.02 14:00:00 | 000,082,740 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.10.02 14:00:00 | 000,069,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.10.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.10.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2009.01.19 21:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2011.09.01 22:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.09.16 14:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2011.03.02 11:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2008.12.04 22:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2011.11.18 12:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2009.01.09 01:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.05.25 20:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.02.22 01:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft
[2010.02.27 01:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AeroSnapApp
[2011.02.16 00:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AtomZombieDemoData
[2009.10.23 15:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bioshock
[2011.03.02 18:33:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Braid
[2008.10.28 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Broken Sword 2.5
[2011.05.25 13:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ChemAxon
[2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2011.09.01 23:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Pro
[2010.06.01 21:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DisplayTune
[2011.08.09 20:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft
[2011.08.09 20:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.08.05 12:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\foobar2000
[2011.08.06 01:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Free Download Manager
[2011.06.14 19:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro
[2010.11.25 16:52:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2011.06.14 23:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hensense.com
[2011.03.23 20:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.11.05 00:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IsolatedStorage
[2008.10.28 01:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.04.11 07:57:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MusicBee
[2009.04.22 10:38:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer
[2011.06.14 23:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit
[2011.06.14 19:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ProgSense
[2011.05.24 16:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\R-TT
[2011.04.01 12:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symyx
[2009.01.09 01:59:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2011.08.05 01:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VMLoad
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.22 01:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft
[2009.08.21 14:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AccurateRip
[2010.11.04 20:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2010.02.27 01:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AeroSnapApp
[2010.05.30 21:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI
[2011.02.16 00:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AtomZombieDemoData
[2011.10.15 08:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2009.10.23 15:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bioshock
[2011.03.02 18:33:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Braid
[2008.10.28 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Broken Sword 2.5
[2011.05.25 13:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ChemAxon
[2011.05.05 22:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink
[2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2011.09.01 23:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2009.02.03 00:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Pro
[2010.06.01 21:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DisplayTune
[2010.09.30 11:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX
[2011.10.24 14:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss
[2011.08.09 20:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft
[2011.08.09 20:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.08.05 12:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\foobar2000
[2011.08.06 01:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Free Download Manager
[2011.06.14 19:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro
[2010.11.25 16:52:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2010.03.01 13:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2011.06.14 23:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hensense.com
[2011.03.23 20:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.11.05 00:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2008.10.28 00:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2008.10.28 00:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IsolatedStorage
[2008.10.28 01:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2008.10.28 01:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Logitech
[2008.10.28 13:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2011.11.17 22:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2008.10.28 14:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Media Player Classic
[2011.01.05 22:51:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2010.04.17 07:26:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.04.11 07:57:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MusicBee
[2009.04.22 10:38:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer
[2009.02.12 05:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nero
[2011.06.14 23:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit
[2011.06.14 19:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ProgSense
[2011.05.24 16:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\R-TT
[2009.01.23 14:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Real
[2011.04.01 12:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.02.04 16:46:59 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
[2011.06.20 21:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2011.06.20 19:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
[2009.01.09 01:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sony Ericsson
[2008.12.02 22:25:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2010.05.31 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symyx
[2008.10.28 13:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Talkback
[2009.01.09 01:59:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2009.05.13 16:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2011.08.05 01:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VMLoad
[2010.08.21 09:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VMware
[2011.12.13 18:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
[2008.10.28 14:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.14 11:37:52 | 000,232,501 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft\Minecraft.exe
[2009.09.22 15:49:18 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2009.09.22 15:49:18 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2009.09.20 22:56:06 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2001.10.02 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2001.10.02 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001.10.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2001.10.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2001.10.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2001.10.02 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2001.10.02 14:00:00 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2001.10.02 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VAXSCSI.SYS  >
[2008.10.29 22:33:02 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) MD5=92CEBC2BC7BE2C8D49391B365569F306 -- C:\WINDOWS\system32\drivers\vaxscsi.sys
 
< MD5 for: WINLOGON.EXE  >
[2001.10.02 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.10.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.10.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.10.28 01:55:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.10.28 01:55:44 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.10.28 01:55:44 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA

< End of report >
--- --- ---

cosinus 22.12.2011 18:45
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.28 00:06:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\Shell\AutoRun\command - "" = F:\PcOptions.exe
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

hanspans 22.12.2011 20:43
All processes killed
========== OTL ==========
No active process named winampa.exe was found!
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10560302-7d58-11e0-8823-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10560302-7d58-11e0-8823-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10560302-7d58-11e0-8823-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10560302-7d58-11e0-8823-005056c00008}\ not found.
File F:\PcOptions.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7499571c-698e-11e0-87f6-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7499571c-698e-11e0-87f6-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7499571c-698e-11e0-87f6-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7499571c-698e-11e0-87f6-005056c00008}\ not found.
File F:\PcOptions.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinampAgent\ deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1391944 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: ***
->Temp folder emptied: 5947605823 bytes
->Temporary Internet Files folder emptied: 327095182 bytes
->Java cache emptied: 104006671 bytes
->FireFox cache emptied: 519760230 bytes
->Flash cache emptied: 802832 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3082382 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18553452 bytes
RecycleBin emptied: 107008 bytes

Total Files Cleaned = 6.602,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12222011_202847

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\9d53bda0 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\b7772a9 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\e0c2397d scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\f14da852 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 22.12.2011 21:22
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

hanspans 22.12.2011 22:34
22:28:37.0718 6088 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
22:28:37.0859 6088 ============================================================
22:28:37.0859 6088 Current date / time: 2011/12/22 22:28:37.0859
22:28:37.0859 6088 SystemInfo:
22:28:37.0859 6088
22:28:37.0859 6088 OS Version: 5.1.2600 ServicePack: 3.0
22:28:37.0859 6088 Product type: Workstation
22:28:37.0859 6088 ComputerName: SMN
22:28:37.0859 6088 UserName: ***
22:28:37.0859 6088 Windows directory: C:\WINDOWS
22:28:37.0859 6088 System windows directory: C:\WINDOWS
22:28:37.0859 6088 Processor architecture: Intel x86
22:28:37.0859 6088 Number of processors: 2
22:28:37.0859 6088 Page size: 0x1000
22:28:37.0859 6088 Boot type: Normal boot
22:28:37.0859 6088 ============================================================
22:28:38.0750 6088 Initialize success
22:30:52.0218 3680 ============================================================
22:30:52.0218 3680 Scan started
22:30:52.0218 3680 Mode: Manual; SigCheck; TDLFS;
22:30:52.0218 3680 ============================================================
22:30:52.0859 3680 Abiosdsk - ok
22:30:52.0875 3680 abp480n5 - ok
22:30:52.0906 3680 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:30:53.0328 3680 ACPI - ok
22:30:53.0390 3680 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:30:53.0890 3680 ACPIEC - ok
22:30:53.0890 3680 adpu160m - ok
22:30:53.0921 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:30:54.0015 3680 aec - ok
22:30:54.0031 3680 AF05BDA (4c35b9b2d62c1f6f66d07125c7cdbd8b) C:\WINDOWS\system32\drivers\AF05BDA.sys
22:30:54.0093 3680 AF05BDA - ok
22:30:54.0140 3680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:30:54.0187 3680 AFD - ok
22:30:54.0203 3680 Aha154x - ok
22:30:54.0218 3680 aic78u2 - ok
22:30:54.0218 3680 aic78xx - ok
22:30:54.0234 3680 AliIde - ok
22:30:54.0250 3680 AmdK8 (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:30:54.0281 3680 AmdK8 - ok
22:30:54.0328 3680 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
22:30:54.0343 3680 AmdLLD - ok
22:30:54.0359 3680 amsint - ok
22:30:54.0359 3680 asc - ok
22:30:54.0375 3680 asc3350p - ok
22:30:54.0375 3680 asc3550 - ok
22:30:54.0406 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:30:54.0500 3680 AsyncMac - ok
22:30:54.0515 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:30:54.0609 3680 atapi - ok
22:30:54.0625 3680 Atdisk - ok
22:30:54.0734 3680 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:30:54.0890 3680 ati2mtag - ok
22:30:54.0921 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:30:55.0031 3680 Atmarpc - ok
22:30:55.0062 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:30:55.0140 3680 audstub - ok
22:30:55.0171 3680 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:30:55.0203 3680 avgntflt - ok
22:30:55.0234 3680 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:30:55.0250 3680 avipbb - ok
22:30:55.0281 3680 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:30:55.0281 3680 avkmgr - ok
22:30:55.0296 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:30:55.0406 3680 Beep - ok
22:30:55.0468 3680 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
22:30:55.0468 3680 Btcsrusb - ok
22:30:55.0500 3680 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:30:55.0593 3680 BthEnum - ok
22:30:55.0609 3680 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:30:55.0703 3680 BthPan - ok
22:30:55.0750 3680 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
22:30:55.0781 3680 BTHPORT - ok
22:30:55.0812 3680 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:30:55.0890 3680 BTHUSB - ok
22:30:55.0906 3680 CamdAudio (2504a70cc2ee4141edea21117dd3500f) C:\WINDOWS\system32\drivers\CamdAudio.sys
22:30:55.0921 3680 CamdAudio - ok
22:30:55.0937 3680 camfilt2 (088c0978203d59425a12b2a53fccd02b) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
22:30:55.0953 3680 camfilt2 ( UnsignedFile.Multi.Generic ) - warning
22:30:55.0953 3680 camfilt2 - detected UnsignedFile.Multi.Generic (1)
22:30:55.0984 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:30:56.0078 3680 cbidf2k - ok
22:30:56.0125 3680 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:30:56.0203 3680 CCDECODE - ok
22:30:56.0234 3680 cd20xrnt - ok
22:30:56.0234 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:30:56.0328 3680 Cdaudio - ok
22:30:56.0359 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:30:56.0437 3680 Cdfs - ok
22:30:56.0453 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:30:56.0531 3680 Cdrom - ok
22:30:56.0531 3680 Changer - ok
22:30:56.0546 3680 CmdIde - ok
22:30:56.0562 3680 Cpqarray - ok
22:30:56.0578 3680 dac2w2k - ok
22:30:56.0578 3680 dac960nt - ok
22:30:56.0593 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:30:56.0687 3680 Disk - ok
22:30:56.0718 3680 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:30:56.0828 3680 dmboot - ok
22:30:56.0843 3680 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:30:56.0937 3680 dmio - ok
22:30:56.0937 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:30:57.0031 3680 dmload - ok
22:30:57.0046 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:30:57.0125 3680 DMusic - ok
22:30:57.0140 3680 dpti2o - ok
22:30:57.0156 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:30:57.0234 3680 drmkaud - ok
22:30:57.0265 3680 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
22:30:57.0265 3680 enodpl ( UnsignedFile.Multi.Generic ) - warning
22:30:57.0265 3680 enodpl - detected UnsignedFile.Multi.Generic (1)
22:30:57.0296 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:30:57.0390 3680 Fastfat - ok
22:30:57.0406 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:30:57.0500 3680 Fdc - ok
22:30:57.0515 3680 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:30:57.0609 3680 Fips - ok
22:30:57.0625 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:30:57.0703 3680 Flpydisk - ok
22:30:57.0718 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:30:57.0812 3680 FltMgr - ok
22:30:57.0828 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:30:57.0906 3680 Fs_Rec - ok
22:30:57.0921 3680 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:30:58.0015 3680 Ftdisk - ok
22:30:58.0031 3680 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
22:30:58.0093 3680 GcKernel - ok
22:30:58.0140 3680 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
22:30:58.0140 3680 ggflt - ok
22:30:58.0171 3680 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
22:30:58.0187 3680 ggsemc - ok
22:30:58.0187 3680 GMSIPCI - ok
22:30:58.0203 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:30:58.0281 3680 Gpc - ok
22:30:58.0312 3680 hcmon (dffc465c0a31dd2a86c4dd0a552aded8) C:\WINDOWS\system32\drivers\hcmon.sys
22:30:58.0312 3680 hcmon - ok
22:30:58.0328 3680 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
22:30:58.0359 3680 HdAudAddService - ok
22:30:58.0375 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:30:58.0468 3680 HDAudBus - ok
22:30:58.0500 3680 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
22:30:58.0546 3680 HIDSwvd - ok
22:30:58.0562 3680 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:30:58.0640 3680 hidusb - ok
22:30:58.0656 3680 hpn - ok
22:30:58.0703 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:30:58.0734 3680 HTTP - ok
22:30:58.0750 3680 i2omgmt - ok
22:30:58.0765 3680 i2omp - ok
22:30:58.0781 3680 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:30:58.0859 3680 i8042prt - ok
22:30:58.0875 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:30:58.0968 3680 Imapi - ok
22:30:58.0984 3680 ini910u - ok
22:30:59.0078 3680 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:30:59.0250 3680 IntcAzAudAddService - ok
22:30:59.0265 3680 IntelIde - ok
22:30:59.0281 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:30:59.0375 3680 Ip6Fw - ok
22:30:59.0406 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:30:59.0500 3680 IpFilterDriver - ok
22:30:59.0515 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:30:59.0609 3680 IpInIp - ok
22:30:59.0625 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:30:59.0718 3680 IpNat - ok
22:30:59.0734 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:30:59.0828 3680 IPSec - ok
22:30:59.0843 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:30:59.0875 3680 IRENUM - ok
22:30:59.0906 3680 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:30:59.0984 3680 isapnp - ok
22:31:00.0015 3680 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:31:00.0109 3680 Kbdclass - ok
22:31:00.0109 3680 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:31:00.0187 3680 kbdhid - ok
22:31:00.0203 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:31:00.0296 3680 kmixer - ok
22:31:00.0312 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:31:00.0328 3680 KSecDD - ok
22:31:00.0343 3680 lbrtfdc - ok
22:31:00.0375 3680 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
22:31:00.0375 3680 LHidFilt - ok
22:31:00.0406 3680 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
22:31:00.0406 3680 LMouFilt - ok
22:31:00.0437 3680 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:31:00.0437 3680 MBAMProtector - ok
22:31:00.0453 3680 MBAMSwissArmy - ok
22:31:00.0484 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:31:00.0562 3680 mnmdd - ok
22:31:00.0593 3680 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:31:00.0687 3680 Modem - ok
22:31:00.0703 3680 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:31:00.0796 3680 Mouclass - ok
22:31:00.0812 3680 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:31:00.0906 3680 mouhid - ok
22:31:00.0906 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:31:01.0000 3680 MountMgr - ok
22:31:01.0046 3680 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:31:01.0125 3680 MPE - ok
22:31:01.0125 3680 mraid35x - ok
22:31:01.0140 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:31:01.0250 3680 MRxDAV - ok
22:31:01.0281 3680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:31:01.0328 3680 MRxSmb - ok
22:31:01.0343 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:31:01.0437 3680 Msfs - ok
22:31:01.0453 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:31:01.0546 3680 MSKSSRV - ok
22:31:01.0562 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:31:01.0640 3680 MSPCLOCK - ok
22:31:01.0640 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:31:01.0734 3680 MSPQM - ok
22:31:01.0750 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:31:01.0828 3680 mssmbios - ok
22:31:01.0843 3680 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:31:01.0937 3680 MSTEE - ok
22:31:01.0953 3680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:31:01.0984 3680 Mup - ok
22:31:02.0031 3680 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:31:02.0109 3680 NABTSFEC - ok
22:31:02.0125 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:31:02.0203 3680 NDIS - ok
22:31:02.0218 3680 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:31:02.0296 3680 NdisIP - ok
22:31:02.0328 3680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:31:02.0328 3680 NdisTapi - ok
22:31:02.0343 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:31:02.0437 3680 Ndisuio - ok
22:31:02.0437 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:31:02.0531 3680 NdisWan - ok
22:31:02.0578 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:31:02.0609 3680 NDProxy - ok
22:31:02.0625 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:31:02.0718 3680 NetBIOS - ok
22:31:02.0734 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:31:02.0828 3680 NetBT - ok
22:31:02.0859 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:31:02.0937 3680 Npfs - ok
22:31:02.0953 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:31:03.0078 3680 Ntfs - ok
22:31:03.0093 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:31:03.0171 3680 Null - ok
22:31:03.0187 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:31:03.0281 3680 NwlnkFlt - ok
22:31:03.0296 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:31:03.0375 3680 NwlnkFwd - ok
22:31:03.0406 3680 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:31:03.0484 3680 Parport - ok
22:31:03.0484 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:31:03.0578 3680 PartMgr - ok
22:31:03.0593 3680 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:31:03.0671 3680 ParVdm - ok
22:31:03.0671 3680 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:31:03.0765 3680 PCI - ok
22:31:03.0765 3680 PCIDump - ok
22:31:03.0781 3680 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:31:03.0875 3680 PCIIde - ok
22:31:03.0890 3680 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:31:03.0968 3680 Pcmcia - ok
22:31:03.0984 3680 PDCOMP - ok
22:31:03.0984 3680 PDFRAME - ok
22:31:04.0046 3680 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys
22:31:04.0046 3680 PdiPorts - ok
22:31:04.0046 3680 PDRELI - ok
22:31:04.0062 3680 PDRFRAME - ok
22:31:04.0062 3680 perc2 - ok
22:31:04.0078 3680 perc2hib - ok
22:31:04.0109 3680 Pivot (943f840611d33832308ec5310b616b57) C:\WINDOWS\system32\drivers\pivot.sys
22:31:04.0125 3680 Pivot ( UnsignedFile.Multi.Generic ) - warning
22:31:04.0125 3680 Pivot - detected UnsignedFile.Multi.Generic (1)
22:31:04.0140 3680 pivotmou (998c58295288eedfbfe95e7f6cc94df4) C:\WINDOWS\system32\drivers\pivotmou.sys
22:31:04.0156 3680 pivotmou ( UnsignedFile.Multi.Generic ) - warning
22:31:04.0156 3680 pivotmou - detected UnsignedFile.Multi.Generic (1)
22:31:04.0187 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:31:04.0265 3680 PptpMiniport - ok
22:31:04.0281 3680 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
22:31:04.0359 3680 Processor - ok
22:31:04.0390 3680 prwntdrv (c590535d68fd6c84707dc1debd2afd68) C:\WINDOWS\system32\prwntdrv.sys
22:31:04.0453 3680 prwntdrv ( UnsignedFile.Multi.Generic ) - warning
22:31:04.0453 3680 prwntdrv - detected UnsignedFile.Multi.Generic (1)
22:31:04.0453 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:31:04.0531 3680 PSched - ok
22:31:04.0531 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:31:04.0609 3680 Ptilink - ok
22:31:04.0640 3680 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:31:04.0640 3680 PxHelp20 - ok
22:31:04.0640 3680 ql1080 - ok
22:31:04.0656 3680 Ql10wnt - ok
22:31:04.0656 3680 ql12160 - ok
22:31:04.0671 3680 ql1240 - ok
22:31:04.0671 3680 ql1280 - ok
22:31:04.0687 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:31:04.0765 3680 RasAcd - ok
22:31:04.0781 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:31:04.0875 3680 Rasl2tp - ok
22:31:04.0890 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:31:04.0984 3680 RasPppoe - ok
22:31:04.0984 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:31:05.0062 3680 Raspti - ok
22:31:05.0078 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:31:05.0156 3680 Rdbss - ok
22:31:05.0156 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:31:05.0234 3680 RDPCDD - ok
22:31:05.0250 3680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:31:05.0328 3680 rdpdr - ok
22:31:05.0359 3680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:31:05.0406 3680 RDPWD - ok
22:31:05.0468 3680 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:31:05.0546 3680 redbook - ok
22:31:05.0578 3680 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
22:31:05.0640 3680 RFCOMM - ok
22:31:05.0687 3680 RTLE8023xp (e6e5af7d6920824b066832d3e1665506) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:31:05.0703 3680 RTLE8023xp - ok
22:31:05.0734 3680 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
22:31:05.0750 3680 s116bus - ok
22:31:05.0781 3680 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
22:31:05.0781 3680 s116mdfl - ok
22:31:05.0812 3680 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
22:31:05.0812 3680 s116mdm - ok
22:31:05.0843 3680 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
22:31:05.0843 3680 s116mgmt - ok
22:31:05.0859 3680 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
22:31:05.0875 3680 s116nd5 - ok
22:31:05.0875 3680 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
22:31:05.0890 3680 s116obex - ok
22:31:05.0906 3680 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
22:31:05.0906 3680 s116unic - ok
22:31:05.0937 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:31:05.0984 3680 Secdrv - ok
22:31:06.0062 3680 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
22:31:06.0078 3680 seehcri - ok
22:31:06.0078 3680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:31:06.0171 3680 serenum - ok
22:31:06.0187 3680 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:31:06.0265 3680 Serial - ok
22:31:06.0281 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:31:06.0359 3680 Sfloppy - ok
22:31:06.0375 3680 Simbad - ok
22:31:06.0406 3680 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:31:06.0515 3680 SLIP - ok
22:31:06.0718 3680 SNPSTD3 (9cd6ffc9f5b999eb5df69b9177d9848f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
22:31:07.0031 3680 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
22:31:07.0031 3680 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
22:31:07.0078 3680 Sparrow - ok
22:31:07.0109 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:31:07.0187 3680 splitter - ok
22:31:07.0203 3680 sptd - ok
22:31:07.0218 3680 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:31:07.0250 3680 sr - ok
22:31:07.0281 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:31:07.0328 3680 Srv - ok
22:31:07.0406 3680 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:31:07.0421 3680 ssmdrv - ok
22:31:07.0453 3680 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:31:07.0546 3680 streamip - ok
22:31:07.0578 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:31:07.0656 3680 swenum - ok
22:31:07.0671 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:31:07.0750 3680 swmidi - ok
22:31:07.0765 3680 symc810 - ok
22:31:07.0781 3680 symc8xx - ok
22:31:07.0781 3680 sym_hi - ok
22:31:07.0796 3680 sym_u3 - ok
22:31:07.0796 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:31:07.0890 3680 sysaudio - ok
22:31:07.0921 3680 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
22:31:07.0921 3680 tandpl ( UnsignedFile.Multi.Generic ) - warning
22:31:07.0921 3680 tandpl - detected UnsignedFile.Multi.Generic (1)
22:31:07.0953 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:31:08.0000 3680 Tcpip - ok
22:31:08.0031 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:31:08.0125 3680 TDPIPE - ok
22:31:08.0140 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:31:08.0218 3680 TDTCP - ok
22:31:08.0234 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:31:08.0312 3680 TermDD - ok
22:31:08.0328 3680 TosIde - ok
22:31:08.0359 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:31:08.0421 3680 Udfs - ok
22:31:08.0437 3680 ultra - ok
22:31:08.0468 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:31:08.0562 3680 Update - ok
22:31:08.0593 3680 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:31:08.0671 3680 usbaudio - ok
22:31:08.0687 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:31:08.0765 3680 usbccgp - ok
22:31:08.0781 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:31:08.0875 3680 usbehci - ok
22:31:08.0921 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:31:08.0984 3680 usbhub - ok
22:31:09.0000 3680 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:31:09.0078 3680 usbohci - ok
22:31:09.0109 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:31:09.0171 3680 usbscan - ok
22:31:09.0187 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:31:09.0281 3680 USBSTOR - ok
22:31:09.0296 3680 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
22:31:09.0328 3680 vaxscsi - ok
22:31:09.0328 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:31:09.0406 3680 VgaSave - ok
22:31:09.0421 3680 ViaIde - ok
22:31:09.0437 3680 vmci (a131387e5bfdfc27debda8428ea14173) C:\WINDOWS\system32\Drivers\vmci.sys
22:31:09.0437 3680 vmci - ok
22:31:09.0484 3680 vmkbd (9450172735eca807d3ae92bbc04dcb5c) C:\WINDOWS\system32\drivers\VMkbd.sys
22:31:09.0484 3680 vmkbd - ok
22:31:09.0484 3680 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
22:31:09.0500 3680 VMnetAdapter - ok
22:31:09.0515 3680 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
22:31:09.0515 3680 VMnetBridge - ok
22:31:09.0531 3680 VMnetuserif (7cccbc8a9be8766a32a8d26f52f9f31c) C:\WINDOWS\system32\drivers\vmnetuserif.sys
22:31:09.0546 3680 VMnetuserif - ok
22:31:09.0562 3680 VMparport (742bbfe7e125a3b0169ab303fa73ba4a) C:\WINDOWS\system32\Drivers\VMparport.sys
22:31:09.0562 3680 VMparport - ok
22:31:09.0593 3680 vmx86 (3e039755695e7a80fd0f40685ad0f73b) C:\WINDOWS\system32\Drivers\vmx86.sys
22:31:09.0625 3680 vmx86 - ok
22:31:09.0656 3680 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:31:09.0765 3680 VolSnap - ok
22:31:09.0812 3680 vstor2-ws60 (70652ddbb219083acda28ca0cb0d6663) C:\Programme\VMware\VMware Player\vstor2-ws60.sys
22:31:09.0812 3680 vstor2-ws60 - ok
22:31:09.0843 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:31:09.0937 3680 Wanarp - ok
22:31:09.0984 3680 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:31:10.0000 3680 WDC_SAM - ok
22:31:10.0062 3680 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:31:10.0078 3680 Wdf01000 - ok
22:31:10.0093 3680 WDICA - ok
22:31:10.0140 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:31:10.0234 3680 wdmaud - ok
22:31:10.0265 3680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:31:10.0359 3680 WS2IFSL - ok
22:31:10.0390 3680 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:31:10.0468 3680 WSTCODEC - ok
22:31:10.0484 3680 xcpip - ok
22:31:10.0500 3680 xpsec - ok
22:31:10.0500 3680 xu2yc8cq.sys - ok
22:31:10.0546 3680 MBR (0x1B8) (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk0\DR0
22:31:10.0546 3680 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
22:31:10.0546 3680 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
22:31:10.0593 3680 Boot (0x1200) (510d66dcc740e57b72ff795b446c29b5) \Device\Harddisk0\DR0\Partition0
22:31:10.0593 3680 \Device\Harddisk0\DR0\Partition0 - ok
22:31:10.0609 3680 ============================================================
22:31:10.0609 3680 Scan finished
22:31:10.0609 3680 ============================================================
22:31:10.0718 5020 Detected object count: 8
22:31:10.0718 5020 Actual detected object count: 8
22:31:49.0828 5020 camfilt2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0828 5020 camfilt2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0828 5020 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0828 5020 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0828 5020 Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0828 5020 Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0828 5020 pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0828 5020 pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0828 5020 prwntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0828 5020 prwntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0828 5020 SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0828 5020 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0843 5020 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:49.0843 5020 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:49.0843 5020 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
22:31:49.0843 5020 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

cosinus 22.12.2011 23:00
Zitat:
22:31:49.0843 5020 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
22:31:49.0843 5020 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
Das (und nur das!!) unbedingt mit dem TDSS-Killer löschen.
Mach danach einen Windows-Neustart und anschließend ein neues Log mit dem TDSS-Killer

hanspans 22.12.2011 23:33
23:30:06.0375 3500 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
23:30:06.0500 3500 ============================================================
23:30:06.0500 3500 Current date / time: 2011/12/22 23:30:06.0500
23:30:06.0500 3500 SystemInfo:
23:30:06.0500 3500
23:30:06.0500 3500 OS Version: 5.1.2600 ServicePack: 3.0
23:30:06.0500 3500 Product type: Workstation
23:30:06.0500 3500 ComputerName: SMN
23:30:06.0500 3500 UserName: ***
23:30:06.0500 3500 Windows directory: C:\WINDOWS
23:30:06.0500 3500 System windows directory: C:\WINDOWS
23:30:06.0500 3500 Processor architecture: Intel x86
23:30:06.0500 3500 Number of processors: 2
23:30:06.0500 3500 Page size: 0x1000
23:30:06.0500 3500 Boot type: Normal boot
23:30:06.0500 3500 ============================================================
23:30:07.0437 3500 Initialize success
23:30:11.0296 4056 ============================================================
23:30:11.0296 4056 Scan started
23:30:11.0296 4056 Mode: Manual; SigCheck; TDLFS;
23:30:11.0296 4056 ============================================================
23:30:12.0000 4056 Abiosdsk - ok
23:30:12.0000 4056 abp480n5 - ok
23:30:12.0046 4056 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:30:13.0484 4056 ACPI - ok
23:30:13.0562 4056 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:30:13.0687 4056 ACPIEC - ok
23:30:13.0703 4056 adpu160m - ok
23:30:13.0718 4056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:30:13.0812 4056 aec - ok
23:30:13.0828 4056 AF05BDA (4c35b9b2d62c1f6f66d07125c7cdbd8b) C:\WINDOWS\system32\drivers\AF05BDA.sys
23:30:13.0859 4056 AF05BDA - ok
23:30:13.0890 4056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:30:13.0937 4056 AFD - ok
23:30:13.0953 4056 Aha154x - ok
23:30:13.0968 4056 aic78u2 - ok
23:30:13.0968 4056 aic78xx - ok
23:30:13.0984 4056 AliIde - ok
23:30:14.0000 4056 AmdK8 (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:30:14.0031 4056 AmdK8 - ok
23:30:14.0078 4056 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
23:30:14.0093 4056 AmdLLD - ok
23:30:14.0109 4056 amsint - ok
23:30:14.0125 4056 asc - ok
23:30:14.0125 4056 asc3350p - ok
23:30:14.0140 4056 asc3550 - ok
23:30:14.0171 4056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:30:14.0265 4056 AsyncMac - ok
23:30:14.0281 4056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:30:14.0375 4056 atapi - ok
23:30:14.0375 4056 Atdisk - ok
23:30:14.0484 4056 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:30:14.0687 4056 ati2mtag - ok
23:30:14.0703 4056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:30:14.0796 4056 Atmarpc - ok
23:30:14.0828 4056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:30:14.0906 4056 audstub - ok
23:30:14.0937 4056 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:30:14.0984 4056 avgntflt - ok
23:30:15.0015 4056 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:30:15.0031 4056 avipbb - ok
23:30:15.0062 4056 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
23:30:15.0062 4056 avkmgr - ok
23:30:15.0093 4056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:30:15.0187 4056 Beep - ok
23:30:15.0234 4056 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
23:30:15.0250 4056 Btcsrusb - ok
23:30:15.0281 4056 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
23:30:15.0375 4056 BthEnum - ok
23:30:15.0390 4056 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
23:30:15.0484 4056 BthPan - ok
23:30:15.0500 4056 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
23:30:15.0546 4056 BTHPORT - ok
23:30:15.0593 4056 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
23:30:15.0687 4056 BTHUSB - ok
23:30:15.0718 4056 CamdAudio (2504a70cc2ee4141edea21117dd3500f) C:\WINDOWS\system32\drivers\CamdAudio.sys
23:30:15.0718 4056 CamdAudio - ok
23:30:15.0750 4056 camfilt2 (088c0978203d59425a12b2a53fccd02b) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
23:30:15.0750 4056 camfilt2 ( UnsignedFile.Multi.Generic ) - warning
23:30:15.0750 4056 camfilt2 - detected UnsignedFile.Multi.Generic (1)
23:30:15.0781 4056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:30:15.0859 4056 cbidf2k - ok
23:30:15.0906 4056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:30:16.0015 4056 CCDECODE - ok
23:30:16.0015 4056 cd20xrnt - ok
23:30:16.0031 4056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:30:16.0125 4056 Cdaudio - ok
23:30:16.0156 4056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:30:16.0234 4056 Cdfs - ok
23:30:16.0250 4056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:30:16.0343 4056 Cdrom - ok
23:30:16.0343 4056 Changer - ok
23:30:16.0359 4056 CmdIde - ok
23:30:16.0375 4056 Cpqarray - ok
23:30:16.0375 4056 dac2w2k - ok
23:30:16.0390 4056 dac960nt - ok
23:30:16.0406 4056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:30:16.0484 4056 Disk - ok
23:30:16.0515 4056 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
23:30:16.0625 4056 dmboot - ok
23:30:16.0640 4056 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
23:30:16.0718 4056 dmio - ok
23:30:16.0734 4056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:30:16.0828 4056 dmload - ok
23:30:16.0843 4056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:30:16.0921 4056 DMusic - ok
23:30:16.0921 4056 dpti2o - ok
23:30:16.0937 4056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:30:17.0031 4056 drmkaud - ok
23:30:17.0062 4056 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
23:30:17.0062 4056 enodpl ( UnsignedFile.Multi.Generic ) - warning
23:30:17.0062 4056 enodpl - detected UnsignedFile.Multi.Generic (1)
23:30:17.0078 4056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:30:17.0171 4056 Fastfat - ok
23:30:17.0171 4056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:30:17.0281 4056 Fdc - ok
23:30:17.0296 4056 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
23:30:17.0375 4056 Fips - ok
23:30:17.0390 4056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:30:17.0468 4056 Flpydisk - ok
23:30:17.0484 4056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:30:17.0562 4056 FltMgr - ok
23:30:17.0578 4056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:30:17.0671 4056 Fs_Rec - ok
23:30:17.0671 4056 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:30:17.0765 4056 Ftdisk - ok
23:30:17.0796 4056 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
23:30:17.0843 4056 GcKernel - ok
23:30:17.0890 4056 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
23:30:17.0906 4056 ggflt - ok
23:30:17.0953 4056 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
23:30:17.0968 4056 ggsemc - ok
23:30:17.0968 4056 GMSIPCI - ok
23:30:17.0984 4056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:30:18.0078 4056 Gpc - ok
23:30:18.0109 4056 hcmon (dffc465c0a31dd2a86c4dd0a552aded8) C:\WINDOWS\system32\drivers\hcmon.sys
23:30:18.0109 4056 hcmon - ok
23:30:18.0156 4056 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
23:30:18.0171 4056 HdAudAddService - ok
23:30:18.0203 4056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:30:18.0281 4056 HDAudBus - ok
23:30:18.0312 4056 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
23:30:18.0359 4056 HIDSwvd - ok
23:30:18.0375 4056 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:30:18.0468 4056 hidusb - ok
23:30:18.0484 4056 hpn - ok
23:30:18.0531 4056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:30:18.0578 4056 HTTP - ok
23:30:18.0593 4056 i2omgmt - ok
23:30:18.0593 4056 i2omp - ok
23:30:18.0609 4056 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:30:18.0703 4056 i8042prt - ok
23:30:18.0703 4056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:30:18.0781 4056 Imapi - ok
23:30:18.0796 4056 ini910u - ok
23:30:18.0906 4056 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:30:19.0046 4056 IntcAzAudAddService - ok
23:30:19.0062 4056 IntelIde - ok
23:30:19.0093 4056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:30:19.0187 4056 Ip6Fw - ok
23:30:19.0218 4056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:30:19.0296 4056 IpFilterDriver - ok
23:30:19.0328 4056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:30:19.0421 4056 IpInIp - ok
23:30:19.0437 4056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:30:19.0515 4056 IpNat - ok
23:30:19.0531 4056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:30:19.0625 4056 IPSec - ok
23:30:19.0656 4056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:30:19.0687 4056 IRENUM - ok
23:30:19.0718 4056 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:30:19.0796 4056 isapnp - ok
23:30:19.0828 4056 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:30:19.0921 4056 Kbdclass - ok
23:30:19.0921 4056 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:30:20.0015 4056 kbdhid - ok
23:30:20.0031 4056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:30:20.0125 4056 kmixer - ok
23:30:20.0140 4056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:30:20.0218 4056 KSecDD - ok
23:30:20.0234 4056 lbrtfdc - ok
23:30:20.0281 4056 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23:30:20.0281 4056 LHidFilt - ok
23:30:20.0312 4056 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
23:30:20.0312 4056 LMouFilt - ok
23:30:20.0328 4056 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
23:30:20.0328 4056 MBAMProtector - ok
23:30:20.0343 4056 MBAMSwissArmy - ok
23:30:20.0375 4056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:30:20.0468 4056 mnmdd - ok
23:30:20.0500 4056 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
23:30:20.0593 4056 Modem - ok
23:30:20.0609 4056 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:30:20.0687 4056 Mouclass - ok
23:30:20.0703 4056 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:30:20.0781 4056 mouhid - ok
23:30:20.0796 4056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:30:20.0875 4056 MountMgr - ok
23:30:20.0906 4056 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
23:30:20.0984 4056 MPE - ok
23:30:21.0000 4056 mraid35x - ok
23:30:21.0000 4056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:30:21.0093 4056 MRxDAV - ok
23:30:21.0125 4056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:30:21.0203 4056 MRxSmb - ok
23:30:21.0234 4056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:30:21.0328 4056 Msfs - ok
23:30:21.0343 4056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:30:21.0437 4056 MSKSSRV - ok
23:30:21.0453 4056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:30:21.0531 4056 MSPCLOCK - ok
23:30:21.0531 4056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:30:21.0625 4056 MSPQM - ok
23:30:21.0640 4056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:30:21.0718 4056 mssmbios - ok
23:30:21.0718 4056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:30:21.0812 4056 MSTEE - ok
23:30:21.0828 4056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:30:21.0859 4056 Mup - ok
23:30:21.0890 4056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:30:21.0984 4056 NABTSFEC - ok
23:30:22.0000 4056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:30:22.0078 4056 NDIS - ok
23:30:22.0093 4056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:30:22.0171 4056 NdisIP - ok
23:30:22.0187 4056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:30:22.0218 4056 NdisTapi - ok
23:30:22.0234 4056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:30:22.0312 4056 Ndisuio - ok
23:30:22.0343 4056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:30:22.0437 4056 NdisWan - ok
23:30:22.0484 4056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:30:22.0515 4056 NDProxy - ok
23:30:22.0546 4056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:30:22.0625 4056 NetBIOS - ok
23:30:22.0640 4056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:30:22.0718 4056 NetBT - ok
23:30:22.0750 4056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:30:22.0828 4056 Npfs - ok
23:30:22.0843 4056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:30:22.0953 4056 Ntfs - ok
23:30:22.0968 4056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:30:23.0046 4056 Null - ok
23:30:23.0062 4056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:30:23.0140 4056 NwlnkFlt - ok
23:30:23.0171 4056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:30:23.0250 4056 NwlnkFwd - ok
23:30:23.0281 4056 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
23:30:23.0359 4056 Parport - ok
23:30:23.0359 4056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:30:23.0453 4056 PartMgr - ok
23:30:23.0468 4056 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:30:23.0546 4056 ParVdm - ok
23:30:23.0562 4056 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
23:30:23.0640 4056 PCI - ok
23:30:23.0656 4056 PCIDump - ok
23:30:23.0671 4056 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:30:23.0765 4056 PCIIde - ok
23:30:23.0781 4056 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:30:23.0859 4056 Pcmcia - ok
23:30:23.0875 4056 PDCOMP - ok
23:30:23.0875 4056 PDFRAME - ok
23:30:23.0921 4056 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys
23:30:23.0937 4056 PdiPorts - ok
23:30:23.0937 4056 PDRELI - ok
23:30:23.0953 4056 PDRFRAME - ok
23:30:23.0953 4056 perc2 - ok
23:30:23.0968 4056 perc2hib - ok
23:30:24.0000 4056 Pivot (943f840611d33832308ec5310b616b57) C:\WINDOWS\system32\drivers\pivot.sys
23:30:24.0000 4056 Pivot ( UnsignedFile.Multi.Generic ) - warning
23:30:24.0000 4056 Pivot - detected UnsignedFile.Multi.Generic (1)
23:30:24.0031 4056 pivotmou (998c58295288eedfbfe95e7f6cc94df4) C:\WINDOWS\system32\drivers\pivotmou.sys
23:30:24.0046 4056 pivotmou ( UnsignedFile.Multi.Generic ) - warning
23:30:24.0046 4056 pivotmou - detected UnsignedFile.Multi.Generic (1)
23:30:24.0062 4056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:30:24.0140 4056 PptpMiniport - ok
23:30:24.0156 4056 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
23:30:24.0234 4056 Processor - ok
23:30:24.0281 4056 prwntdrv (c590535d68fd6c84707dc1debd2afd68) C:\WINDOWS\system32\prwntdrv.sys
23:30:24.0296 4056 prwntdrv ( UnsignedFile.Multi.Generic ) - warning
23:30:24.0296 4056 prwntdrv - detected UnsignedFile.Multi.Generic (1)
23:30:24.0296 4056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:30:24.0390 4056 PSched - ok
23:30:24.0390 4056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:30:24.0468 4056 Ptilink - ok
23:30:24.0484 4056 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:30:24.0484 4056 PxHelp20 - ok
23:30:24.0500 4056 ql1080 - ok
23:30:24.0500 4056 Ql10wnt - ok
23:30:24.0515 4056 ql12160 - ok
23:30:24.0515 4056 ql1240 - ok
23:30:24.0531 4056 ql1280 - ok
23:30:24.0546 4056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:30:24.0625 4056 RasAcd - ok
23:30:24.0625 4056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:30:24.0703 4056 Rasl2tp - ok
23:30:24.0718 4056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:30:24.0796 4056 RasPppoe - ok
23:30:24.0796 4056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:30:24.0875 4056 Raspti - ok
23:30:24.0875 4056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:30:24.0953 4056 Rdbss - ok
23:30:24.0968 4056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:30:25.0031 4056 RDPCDD - ok
23:30:25.0046 4056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:30:25.0125 4056 rdpdr - ok
23:30:25.0171 4056 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:30:25.0203 4056 RDPWD - ok
23:30:25.0250 4056 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:30:25.0312 4056 redbook - ok
23:30:25.0343 4056 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
23:30:25.0421 4056 RFCOMM - ok
23:30:25.0453 4056 RTLE8023xp (e6e5af7d6920824b066832d3e1665506) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:30:25.0484 4056 RTLE8023xp - ok
23:30:25.0515 4056 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
23:30:25.0515 4056 s116bus - ok
23:30:25.0562 4056 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
23:30:25.0578 4056 s116mdfl - ok
23:30:25.0609 4056 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
23:30:25.0625 4056 s116mdm - ok
23:30:25.0640 4056 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
23:30:25.0656 4056 s116mgmt - ok
23:30:25.0671 4056 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
23:30:25.0671 4056 s116nd5 - ok
23:30:25.0687 4056 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
23:30:25.0703 4056 s116obex - ok
23:30:25.0718 4056 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
23:30:25.0734 4056 s116unic - ok
23:30:25.0750 4056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:30:25.0812 4056 Secdrv - ok
23:30:25.0859 4056 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
23:30:25.0921 4056 seehcri - ok
23:30:25.0937 4056 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:30:26.0031 4056 serenum - ok
23:30:26.0031 4056 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
23:30:26.0125 4056 Serial - ok
23:30:26.0125 4056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:30:26.0218 4056 Sfloppy - ok
23:30:26.0218 4056 Simbad - ok
23:30:26.0265 4056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:30:26.0343 4056 SLIP - ok
23:30:26.0562 4056 SNPSTD3 (9cd6ffc9f5b999eb5df69b9177d9848f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
23:30:26.0875 4056 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
23:30:26.0875 4056 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
23:30:26.0921 4056 Sparrow - ok
23:30:26.0953 4056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:30:27.0031 4056 splitter - ok
23:30:27.0046 4056 sptd - ok
23:30:27.0062 4056 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
23:30:27.0109 4056 sr - ok
23:30:27.0125 4056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:30:27.0234 4056 Srv - ok
23:30:27.0312 4056 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:30:27.0312 4056 ssmdrv - ok
23:30:27.0359 4056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:30:27.0437 4056 streamip - ok
23:30:27.0453 4056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:30:27.0546 4056 swenum - ok
23:30:27.0562 4056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:30:27.0640 4056 swmidi - ok
23:30:27.0640 4056 symc810 - ok
23:30:27.0656 4056 symc8xx - ok
23:30:27.0656 4056 sym_hi - ok
23:30:27.0671 4056 sym_u3 - ok
23:30:27.0687 4056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:30:27.0765 4056 sysaudio - ok
23:30:27.0796 4056 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
23:30:27.0796 4056 tandpl ( UnsignedFile.Multi.Generic ) - warning
23:30:27.0796 4056 tandpl - detected UnsignedFile.Multi.Generic (1)
23:30:27.0828 4056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:30:27.0890 4056 Tcpip - ok
23:30:27.0921 4056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:30:28.0015 4056 TDPIPE - ok
23:30:28.0031 4056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:30:28.0109 4056 TDTCP - ok
23:30:28.0125 4056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:30:28.0203 4056 TermDD - ok
23:30:28.0218 4056 TosIde - ok
23:30:28.0250 4056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:30:28.0328 4056 Udfs - ok
23:30:28.0328 4056 ultra - ok
23:30:28.0359 4056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:30:28.0453 4056 Update - ok
23:30:28.0484 4056 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:30:28.0578 4056 usbaudio - ok
23:30:28.0593 4056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:30:28.0656 4056 usbccgp - ok
23:30:28.0671 4056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:30:28.0750 4056 usbehci - ok
23:30:28.0781 4056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:30:28.0859 4056 usbhub - ok
23:30:28.0890 4056 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:30:28.0968 4056 usbohci - ok
23:30:29.0000 4056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:30:29.0078 4056 usbscan - ok
23:30:29.0093 4056 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:30:29.0156 4056 USBSTOR - ok
23:30:29.0187 4056 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
23:30:29.0203 4056 vaxscsi - ok
23:30:29.0218 4056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:30:29.0281 4056 VgaSave - ok
23:30:29.0296 4056 ViaIde - ok
23:30:29.0328 4056 vmci (a131387e5bfdfc27debda8428ea14173) C:\WINDOWS\system32\Drivers\vmci.sys
23:30:29.0328 4056 vmci - ok
23:30:29.0359 4056 vmkbd (9450172735eca807d3ae92bbc04dcb5c) C:\WINDOWS\system32\drivers\VMkbd.sys
23:30:29.0359 4056 vmkbd - ok
23:30:29.0390 4056 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
23:30:29.0390 4056 VMnetAdapter - ok
23:30:29.0421 4056 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
23:30:29.0421 4056 VMnetBridge - ok
23:30:29.0437 4056 VMnetuserif (7cccbc8a9be8766a32a8d26f52f9f31c) C:\WINDOWS\system32\drivers\vmnetuserif.sys
23:30:29.0437 4056 VMnetuserif - ok
23:30:29.0453 4056 VMparport (742bbfe7e125a3b0169ab303fa73ba4a) C:\WINDOWS\system32\Drivers\VMparport.sys
23:30:29.0468 4056 VMparport - ok
23:30:29.0500 4056 vmx86 (3e039755695e7a80fd0f40685ad0f73b) C:\WINDOWS\system32\Drivers\vmx86.sys
23:30:29.0531 4056 vmx86 - ok
23:30:29.0562 4056 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
23:30:29.0656 4056 VolSnap - ok
23:30:29.0687 4056 vstor2-ws60 (70652ddbb219083acda28ca0cb0d6663) C:\Programme\VMware\VMware Player\vstor2-ws60.sys
23:30:29.0687 4056 vstor2-ws60 - ok
23:30:29.0718 4056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:30:29.0796 4056 Wanarp - ok
23:30:29.0828 4056 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
23:30:29.0859 4056 WDC_SAM - ok
23:30:29.0921 4056 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:30:29.0953 4056 Wdf01000 - ok
23:30:29.0968 4056 WDICA - ok
23:30:29.0984 4056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:30:30.0062 4056 wdmaud - ok
23:30:30.0109 4056 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:30:30.0203 4056 WS2IFSL - ok
23:30:30.0234 4056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:30:30.0312 4056 WSTCODEC - ok
23:30:30.0328 4056 xcpip - ok
23:30:30.0328 4056 xpsec - ok
23:30:30.0343 4056 xu2yc8cq.sys - ok
23:30:30.0390 4056 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:30:30.0562 4056 \Device\Harddisk0\DR0 - ok
23:30:30.0562 4056 Boot (0x1200) (510d66dcc740e57b72ff795b446c29b5) \Device\Harddisk0\DR0\Partition0
23:30:30.0562 4056 \Device\Harddisk0\DR0\Partition0 - ok
23:30:30.0562 4056 ============================================================
23:30:30.0562 4056 Scan finished
23:30:30.0562 4056 ============================================================
23:30:30.0703 2408 Detected object count: 7
23:30:30.0703 2408 Actual detected object count: 7
23:30:44.0484 2408 camfilt2 ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0484 2408 camfilt2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:44.0484 2408 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0484 2408 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:44.0500 2408 Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0500 2408 Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:44.0500 2408 pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0500 2408 pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:44.0500 2408 prwntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0500 2408 prwntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:44.0500 2408 SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0500 2408 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:44.0500 2408 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:44.0500 2408 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 23.12.2011 17:12
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

hanspans 17.01.2012 17:39
Sorry, dass die Logs hier so verzögert eintrudeln, war wegen Feiertagen etc nie lange an meinem Rechner. Hier das ComboFix-Log:


Combofix Logfile:
Code:
ComboFix 11-12-30.01 - *** 30.12.2011  21:12:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1454 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\dokumente und einstellungen\Default User\apb9D5.tmp
c:\dokumente und einstellungen\Default User\aqbA59.tmp
c:\dokumente und einstellungen\Default User\awbAEF.tmp
c:\dokumente und einstellungen\Default User\bcbA9A.tmp
c:\dokumente und einstellungen\Default User\bdb98D.tmp
c:\dokumente und einstellungen\Default User\bibB25.tmp
c:\dokumente und einstellungen\Default User\bmbA4A.tmp
c:\dokumente und einstellungen\Default User\bqb93E.tmp
c:\dokumente und einstellungen\Default User\bubA6C.tmp
c:\dokumente und einstellungen\Default User\cjbA36.tmp
c:\dokumente und einstellungen\Default User\crbA5F.tmp
c:\dokumente und einstellungen\Default User\crbADC.tmp
c:\dokumente und einstellungen\Default User\debB13.tmp
c:\dokumente und einstellungen\Default User\dobA53.tmp
c:\dokumente und einstellungen\Default User\dsb9E4.tmp
c:\dokumente und einstellungen\Default User\ebb983.tmp
c:\dokumente und einstellungen\Default User\enbAC8.tmp
c:\dokumente und einstellungen\Default User\fkbABC.tmp
c:\dokumente und einstellungen\Default User\fmb9C8.tmp
c:\dokumente und einstellungen\Default User\frb9DB.tmp
c:\dokumente und einstellungen\Default User\ftbAE2.tmp
c:\dokumente und einstellungen\Default User\fxbA79.tmp
c:\dokumente und einstellungen\Default User\gebA1E.tmp
c:\dokumente und einstellungen\Default User\gfbB18.tmp
c:\dokumente und einstellungen\Default User\gib901.tmp
c:\dokumente und einstellungen\Default User\gpb936.tmp
c:\dokumente und einstellungen\Default User\hkb9B2.tmp
c:\dokumente und einstellungen\Default User\ihbA2F.tmp
c:\dokumente und einstellungen\Default User\jfb993.tmp
c:\dokumente und einstellungen\Default User\jgbB20.tmp
c:\dokumente und einstellungen\Default User\jhb8FF.tmp
c:\dokumente und einstellungen\Default User\jjbB2B.tmp
c:\dokumente und einstellungen\Default User\jkbB31.tmp
c:\dokumente und einstellungen\Default User\jlb9BF.tmp
c:\dokumente und einstellungen\Default User\jqbAD5.tmp
c:\dokumente und einstellungen\Default User\jybAF9.tmp
c:\dokumente und einstellungen\Default User\kabA0B.tmp
c:\dokumente und einstellungen\Default User\kib9A7.tmp
c:\dokumente und einstellungen\Default User\kwb9F8.tmp
c:\dokumente und einstellungen\Default User\lbbA11.tmp
c:\dokumente und einstellungen\Default User\llbAC2.tmp
c:\dokumente und einstellungen\Default User\lmb91E.tmp
c:\dokumente und einstellungen\Default User\lzbAFF.tmp
c:\dokumente und einstellungen\Default User\mcb8C4.tmp
c:\dokumente und einstellungen\Default User\mhb99C.tmp
c:\dokumente und einstellungen\Default User\mob92F.tmp
c:\dokumente und einstellungen\Default User\ojb908.tmp
c:\dokumente und einstellungen\Default User\osb945.tmp
c:\dokumente und einstellungen\Default User\owb961.tmp
c:\dokumente und einstellungen\Default User\pab97C.tmp
c:\dokumente und einstellungen\Default User\ptb951.tmp
c:\dokumente und einstellungen\Default User\qdbA17.tmp
c:\dokumente und einstellungen\Default User\qlb917.tmp
c:\dokumente und einstellungen\Default User\qob9CF.tmp
c:\dokumente und einstellungen\Default User\qub9EB.tmp
c:\dokumente und einstellungen\Default User\rgbAAA.tmp
c:\dokumente und einstellungen\Default User\rwbA72.tmp
c:\dokumente und einstellungen\Default User\rybA01.tmp
c:\dokumente und einstellungen\Default User\sabA94.tmp
c:\dokumente und einstellungen\Default User\sebAA4.tmp
c:\dokumente und einstellungen\Default User\shbAB0.tmp
c:\dokumente und einstellungen\Default User\sza8B4.tmp
c:\dokumente und einstellungen\Default User\teb8F1.tmp
c:\dokumente und einstellungen\Default User\tobACE.tmp
c:\dokumente und einstellungen\Default User\uubAE9.tmp
c:\dokumente und einstellungen\Default User\vjbAB6.tmp
c:\dokumente und einstellungen\Default User\vub95A.tmp
c:\dokumente und einstellungen\Default User\vxb968.tmp
c:\dokumente und einstellungen\Default User\wtbA65.tmp
c:\dokumente und einstellungen\Default User\wvb9F1.tmp
c:\dokumente und einstellungen\Default User\xcbB0C.tmp
c:\dokumente und einstellungen\Default User\xgb99A.tmp
c:\dokumente und einstellungen\Default User\xyb975.tmp
c:\dokumente und einstellungen\Default User\yab8BD.tmp
c:\dokumente und einstellungen\Default User\ygb8F8.tmp
c:\dokumente und einstellungen\Default User\zgbA28.tmp
c:\dokumente und einstellungen\Default User\zkbA3F.tmp
c:\dokumente und einstellungen\***\apb9D5.tmp
c:\dokumente und einstellungen\***\aqbA59.tmp
c:\dokumente und einstellungen\***\awbAEF.tmp
c:\dokumente und einstellungen\***\bcbA9A.tmp
c:\dokumente und einstellungen\***\bdb98D.tmp
c:\dokumente und einstellungen\***\bibB25.tmp
c:\dokumente und einstellungen\***\bmbA4A.tmp
c:\dokumente und einstellungen\***\bqb93E.tmp
c:\dokumente und einstellungen\***\bubA6C.tmp
c:\dokumente und einstellungen\***\cjbA36.tmp
c:\dokumente und einstellungen\***\crbA5F.tmp
c:\dokumente und einstellungen\***\crbADC.tmp
c:\dokumente und einstellungen\***\debB13.tmp
c:\dokumente und einstellungen\***\dobA53.tmp
c:\dokumente und einstellungen\***\dsb9E4.tmp
c:\dokumente und einstellungen\***\ebb983.tmp
c:\dokumente und einstellungen\***\enbAC8.tmp
c:\dokumente und einstellungen\***\fkbABC.tmp
c:\dokumente und einstellungen\***\fmb9C8.tmp
c:\dokumente und einstellungen\***\frb9DB.tmp
c:\dokumente und einstellungen\***\ftbAE2.tmp
c:\dokumente und einstellungen\***\fxbA79.tmp
c:\dokumente und einstellungen\***\gebA1E.tmp
c:\dokumente und einstellungen\***\gfbB18.tmp
c:\dokumente und einstellungen\***\gib901.tmp
c:\dokumente und einstellungen\***\gpb936.tmp
c:\dokumente und einstellungen\***\hkb9B2.tmp
c:\dokumente und einstellungen\***\ihbA2F.tmp
c:\dokumente und einstellungen\***\jfb993.tmp
c:\dokumente und einstellungen\***\jgbB20.tmp
c:\dokumente und einstellungen\***\jhb8FF.tmp
c:\dokumente und einstellungen\***\jjbB2B.tmp
c:\dokumente und einstellungen\***\jkbB31.tmp
c:\dokumente und einstellungen\***\jlb9BF.tmp
c:\dokumente und einstellungen\***\jqbAD5.tmp
c:\dokumente und einstellungen\***\jybAF9.tmp
c:\dokumente und einstellungen\***\kabA0B.tmp
c:\dokumente und einstellungen\***\kib9A7.tmp
c:\dokumente und einstellungen\***\kwb9F8.tmp
c:\dokumente und einstellungen\***\lbbA11.tmp
c:\dokumente und einstellungen\***\llbAC2.tmp
c:\dokumente und einstellungen\***\lmb91E.tmp
c:\dokumente und einstellungen\***\lzbAFF.tmp
c:\dokumente und einstellungen\***\mcb8C4.tmp
c:\dokumente und einstellungen\***\mhb99C.tmp
c:\dokumente und einstellungen\***\mob92F.tmp
c:\dokumente und einstellungen\***\ojb908.tmp
c:\dokumente und einstellungen\***\osb945.tmp
c:\dokumente und einstellungen\***\owb961.tmp
c:\dokumente und einstellungen\***\pab97C.tmp
c:\dokumente und einstellungen\***\ptb951.tmp
c:\dokumente und einstellungen\***\qdbA17.tmp
c:\dokumente und einstellungen\***\qlb917.tmp
c:\dokumente und einstellungen\***\qob9CF.tmp
c:\dokumente und einstellungen\***\qub9EB.tmp
c:\dokumente und einstellungen\***\rgbAAA.tmp
c:\dokumente und einstellungen\***\rwbA72.tmp
c:\dokumente und einstellungen\***\rybA01.tmp
c:\dokumente und einstellungen\***\sabA94.tmp
c:\dokumente und einstellungen\***\sebAA4.tmp
c:\dokumente und einstellungen\***\shbAB0.tmp
c:\dokumente und einstellungen\***\sza8B4.tmp
c:\dokumente und einstellungen\***\teb8F1.tmp
c:\dokumente und einstellungen\***\tobACE.tmp
c:\dokumente und einstellungen\***\uubAE9.tmp
c:\dokumente und einstellungen\***\vjbAB6.tmp
c:\dokumente und einstellungen\***\vub95A.tmp
c:\dokumente und einstellungen\***\vxb968.tmp
c:\dokumente und einstellungen\***\WINDOWS
c:\dokumente und einstellungen\***\wtbA65.tmp
c:\dokumente und einstellungen\***\wvb9F1.tmp
c:\dokumente und einstellungen\***\xcbB0C.tmp
c:\dokumente und einstellungen\***\xgb99A.tmp
c:\dokumente und einstellungen\***\xyb975.tmp
c:\dokumente und einstellungen\***\yab8BD.tmp
c:\dokumente und einstellungen\***\ygb8F8.tmp
c:\dokumente und einstellungen\***\zgbA28.tmp
c:\dokumente und einstellungen\***\zkbA3F.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\AF05BDAEX.dll
c:\windows\system32\config\systemprofile\apb9D5.tmp
c:\windows\system32\config\systemprofile\aqbA59.tmp
c:\windows\system32\config\systemprofile\awbAEF.tmp
c:\windows\system32\config\systemprofile\bcbA9A.tmp
c:\windows\system32\config\systemprofile\bdb98D.tmp
c:\windows\system32\config\systemprofile\bibB25.tmp
c:\windows\system32\config\systemprofile\bmbA4A.tmp
c:\windows\system32\config\systemprofile\bqb93E.tmp
c:\windows\system32\config\systemprofile\bubA6C.tmp
c:\windows\system32\config\systemprofile\cjbA36.tmp
c:\windows\system32\config\systemprofile\crbA5F.tmp
c:\windows\system32\config\systemprofile\crbADC.tmp
c:\windows\system32\config\systemprofile\debB13.tmp
c:\windows\system32\config\systemprofile\dobA53.tmp
c:\windows\system32\config\systemprofile\dsb9E4.tmp
c:\windows\system32\config\systemprofile\ebb983.tmp
c:\windows\system32\config\systemprofile\enbAC8.tmp
c:\windows\system32\config\systemprofile\fkbABC.tmp
c:\windows\system32\config\systemprofile\fmb9C8.tmp
c:\windows\system32\config\systemprofile\frb9DB.tmp
c:\windows\system32\config\systemprofile\ftbAE2.tmp
c:\windows\system32\config\systemprofile\fxbA79.tmp
c:\windows\system32\config\systemprofile\gebA1E.tmp
c:\windows\system32\config\systemprofile\gfbB18.tmp
c:\windows\system32\config\systemprofile\gib901.tmp
c:\windows\system32\config\systemprofile\gpb936.tmp
c:\windows\system32\config\systemprofile\hkb9B2.tmp
c:\windows\system32\config\systemprofile\ihbA2F.tmp
c:\windows\system32\config\systemprofile\jfb993.tmp
c:\windows\system32\config\systemprofile\jgbB20.tmp
c:\windows\system32\config\systemprofile\jhb8FF.tmp
c:\windows\system32\config\systemprofile\jjbB2B.tmp
c:\windows\system32\config\systemprofile\jkbB31.tmp
c:\windows\system32\config\systemprofile\jlb9BF.tmp
c:\windows\system32\config\systemprofile\jqbAD5.tmp
c:\windows\system32\config\systemprofile\jybAF9.tmp
c:\windows\system32\config\systemprofile\kabA0B.tmp
c:\windows\system32\config\systemprofile\kib9A7.tmp
c:\windows\system32\config\systemprofile\kwb9F8.tmp
c:\windows\system32\config\systemprofile\lbbA11.tmp
c:\windows\system32\config\systemprofile\llbAC2.tmp
c:\windows\system32\config\systemprofile\lmb91E.tmp
c:\windows\system32\config\systemprofile\lzbAFF.tmp
c:\windows\system32\config\systemprofile\mcb8C4.tmp
c:\windows\system32\config\systemprofile\mhb99C.tmp
c:\windows\system32\config\systemprofile\mob92F.tmp
c:\windows\system32\config\systemprofile\ojb908.tmp
c:\windows\system32\config\systemprofile\osb945.tmp
c:\windows\system32\config\systemprofile\owb961.tmp
c:\windows\system32\config\systemprofile\pab97C.tmp
c:\windows\system32\config\systemprofile\ptb951.tmp
c:\windows\system32\config\systemprofile\qdbA17.tmp
c:\windows\system32\config\systemprofile\qlb917.tmp
c:\windows\system32\config\systemprofile\qob9CF.tmp
c:\windows\system32\config\systemprofile\qub9EB.tmp
c:\windows\system32\config\systemprofile\rgbAAA.tmp
c:\windows\system32\config\systemprofile\rwbA72.tmp
c:\windows\system32\config\systemprofile\rybA01.tmp
c:\windows\system32\config\systemprofile\sabA94.tmp
c:\windows\system32\config\systemprofile\sebAA4.tmp
c:\windows\system32\config\systemprofile\shbAB0.tmp
c:\windows\system32\config\systemprofile\sza8B4.tmp
c:\windows\system32\config\systemprofile\teb8F1.tmp
c:\windows\system32\config\systemprofile\tobACE.tmp
c:\windows\system32\config\systemprofile\uubAE9.tmp
c:\windows\system32\config\systemprofile\vjbAB6.tmp
c:\windows\system32\config\systemprofile\vub95A.tmp
c:\windows\system32\config\systemprofile\vxb968.tmp
c:\windows\system32\config\systemprofile\wtbA65.tmp
c:\windows\system32\config\systemprofile\wvb9F1.tmp
c:\windows\system32\config\systemprofile\xcbB0C.tmp
c:\windows\system32\config\systemprofile\xgb99A.tmp
c:\windows\system32\config\systemprofile\xyb975.tmp
c:\windows\system32\config\systemprofile\yab8BD.tmp
c:\windows\system32\config\systemprofile\ygb8F8.tmp
c:\windows\system32\config\systemprofile\zgbA28.tmp
c:\windows\system32\config\systemprofile\zkbA3F.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-28 bis 2011-12-30  ))))))))))))))))))))))))))))))
.
.
2011-12-22 21:39 . 2011-12-22 21:39        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DDMSettings
2011-12-22 19:28 . 2011-12-22 19:28        --------        d-----w-        C:\_OTL
2011-12-22 06:01 . 2011-12-22 06:01        --------        d-----w-        c:\programme\ESET
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 05:44 . 2011-05-18 17:33        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:27 . 2011-10-15 07:08        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-23 14:40 . 2001-10-02 13:00        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 15:16 . 2011-11-20 15:51        302592        ----a-w-        c:\programme\quph0wdv.exe
2011-11-17 22:05 . 2011-11-17 22:05        5376        ----a-w-        c:\windows\system32\antiwpa.dll
2011-11-04 19:13 . 2001-10-02 13:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-10-02 13:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-10-02 13:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2001-10-02 13:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2001-10-02 13:00        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2001-10-02 13:00        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2001-10-02 13:00        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2001-10-02 13:00        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-20 23:26 . 2011-10-20 23:26        94208        ----a-w-        c:\windows\system32\dpl100.dll
2011-10-18 11:13 . 2001-10-02 13:00        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-10-11 13:00 . 2011-10-15 07:08        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 07:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-10-10 14:22 . 2008-10-27 23:04        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2011-03-22 20:13        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-03-22 20:13        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2009-08-13 10:14 . 2011-11-20 14:03        472064        ----a-w-        c:\programme\RootRepeal.exe
2007-02-01 17:02 . 2009-02-02 23:21        313344        ----a-w-        c:\programme\hjsplit.exe
2004-11-28 19:33 . 2009-02-12 05:10        1208320        ----a-w-        c:\programme\IfoEdit.exe
2002-11-06 19:42 . 2009-02-12 12:49        237568        ----a-w-        c:\programme\VobEdit.exe
1998-04-08 15:20 . 2009-03-10 12:10        12048        ----a-w-        c:\programme\cpugrab.exe
1997-10-16 14:25 . 2009-03-10 01:52        143872        ----a-r-        c:\programme\SlowDown.exe
2011-10-13 14:28 . 2011-06-26 23:10        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Olympus ib"="c:\programme\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PivotSoftware"="c:\programme\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MDS_Menu"="c:\programme\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\programme\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-5-6 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43        69632        ------r-        c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
2007-08-10 12:38        81920        ----a-w-        c:\programme\Hercules\Deluxe Optical Glass\CamService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-10 10:08        16342528        ------r-        c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 07:16        528384        ----a-r-        c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-10-28 21:00        64048        ----a-w-        c:\programme\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Programme\\Messenger\\Msmsgs.exe"=
"c:\\Programme\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Programme\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
"c:\\spiele\\Steam\\Steam.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\VMLoad.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.10.2011 08:08 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.10.2011 08:08 86224]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [17.11.2011 22:10 366152]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [28.10.2008 22:01 54960]
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [04.11.2008 23:24 133504]
R3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [09.08.2011 19:16 23608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.11.2011 22:10 22216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.02.2011 01:00 27632]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [20.09.2009 23:07 94720]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [22.02.2011 01:00 13224]
S3 GSService;GSService;c:\windows\system32\GSService.exe [09.08.2011 19:16 1037824]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [24.05.2011 13:53 13064]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [09.08.2011 19:16 243712]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29.10.2008 22:33 223128]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [14.10.2011 01:03 11520]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 xu2yc8cq.sys;xu2yc8cq.sys;\??\c:\windows\system32\drivers\xu2yc8cq.sys --> c:\windows\system32\drivers\xu2yc8cq.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
LSP: c:\programme\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AeroSnap - c:\programme\AeroSnap\AeroSnap.exe
HKU-Default-Run-portwexexe.exe - c:\portwexexe\portwexexe.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-ICQ 6.5 - Air Skin (By Hurtness)_is1 - c:\programme\ICQ6.5\Packages\ICQBRASIL\Skins\Air Skin\unins000.exe
AddRemove-SWF FLV to MP3 Converter - c:\programme\SWFFLV2MP3\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe
AddRemove-{D6BF6477-8369-489F-8DE6-3731F4B88560} - c:\windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-30 21:16
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,f5,9a,6e,df,d0,f4,04,92,6f,94,c0,6a,3d,49,b3,0e,6c,55,90,1b,a1,86,
  00,77,14,45,b0,e6,37,15,c6,c2,c7,3f,6e,f9,a4,5e,5b,c7,db,d6,f6,e9,20,45,c1,\
"??"=hex:8b,21,03,21,6c,ca,61,38,d3,ce,ea,23,c0,3d,37,a5
.
[HKEY_USERS\S-1-5-21-789336058-706699826-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8e,08,97,eb,46,bc,42,c6,3a,9e,5f,8b,82,c7,4d,6d,d3,dd,aa,6d,43,
  e1,d0,ed,fd,b1,35,f2,40,d5,06,9f,ee,45,cb,54,78,ef,62,6e,76,6a,00,82,fe,71,\
"rkeysecu"=hex:3b,81,60,20,73,b1,83,d6,33,0b,eb,89,a3,67,13,90
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c517&MI_01&Col01\7&1fbd9d30&0&0000\LogConf]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c517&MI_01&Col01\7&39e1c0b0&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
c:\windows\system32\antiwpa.dll
.
Zeit der Fertigstellung: 2011-12-30  21:18:16
ComboFix-quarantined-files.txt  2011-12-30 20:17
.
Vor Suchlauf: 21 Verzeichnis(se), 46.967.054.336 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 47.890.530.304 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 55CD21E7A75174242FAFEF278605D66C
--- --- ---

cosinus 17.01.2012 21:34
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\windows\system32\drivers\xcpip.sys
c:\programme\quph0wdv.exe
c:\windows\system32\drivers\xu2yc8cq.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

Driver::
xcpip
xpsec
xu2yc8cq.sys
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

hanspans 31.01.2012 20:29
Combofix Logfile:
Code:
ComboFix 12-01-30.02 - *** 31.01.2012  18:40:35.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1365 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\programme\quph0wdv.exe"
"c:\windows\system32\drivers\xcpip.sys"
"c:\windows\system32\drivers\xu2yc8cq.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\quph0wdv.exe
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XU2YC8CQ.SYS
-------\Service_xcpip
-------\Service_xpsec
-------\Service_xu2yc8cq.sys
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-28 bis 2012-01-31  ))))))))))))))))))))))))))))))
.
.
2012-01-29 21:21 . 2012-01-29 21:22        --------        d-----w-        c:\programme\Driver Cleaner Pro
2012-01-29 21:18 . 2012-01-29 21:20        --------        d-----w-        c:\programme\CCleaner
2012-01-22 14:01 . 2009-10-27 18:31        3982240        ----a-w-        c:\windows\system32\Flash10d.ocx
2012-01-22 14:01 . 2012-01-22 14:01        --------        d-----w-        c:\programme\StreamTransport
2012-01-18 22:14 . 2012-01-18 22:14        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\XMedia Recode
2012-01-18 22:12 . 2012-01-18 22:13        --------        d-----w-        c:\programme\XMedia Recode
2012-01-18 22:10 . 2012-01-18 22:10        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll
2012-01-18 22:10 . 2012-01-18 22:10        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll
2012-01-18 22:10 . 2012-01-18 22:10        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll
2012-01-18 22:10 . 2012-01-18 22:10        43992        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll
2012-01-17 15:36 . 2005-12-29 17:26        5376        ----a-w-        c:\windows\system32\antiwpa.dll
2012-01-03 07:22 . 2012-01-03 07:22        103864        ----a-w-        c:\programme\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 05:44 . 2011-05-18 17:33        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:27 . 2011-10-15 07:08        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-25 21:57 . 2001-10-02 13:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2001-10-02 13:00        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2001-10-02 13:00        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2001-10-02 13:00        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-10-02 13:00        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2001-10-02 13:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-10-02 13:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-10-02 13:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2001-10-02 13:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-03 15:28 . 2001-10-02 13:00        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2001-10-02 13:00        1297920        ----a-w-        c:\windows\system32\quartz.dll
2009-08-13 10:14 . 2011-11-20 14:03        472064        ----a-w-        c:\programme\RootRepeal.exe
2007-02-01 17:02 . 2009-02-02 23:21        313344        ----a-w-        c:\programme\hjsplit.exe
2004-11-28 19:33 . 2009-02-12 05:10        1208320        ----a-w-        c:\programme\IfoEdit.exe
2002-11-06 19:42 . 2009-02-12 12:49        237568        ----a-w-        c:\programme\VobEdit.exe
1998-04-08 15:20 . 2009-03-10 12:10        12048        ----a-w-        c:\programme\cpugrab.exe
1997-10-16 14:25 . 2009-03-10 01:52        143872        ----a-r-        c:\programme\SlowDown.exe
2012-01-18 22:10 . 2011-06-26 23:10        121816        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-12-30_20.16.42  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 18:09 . 2012-01-24 18:09        16384              c:\windows\Temp\Perflib_Perfdata_254.dat
+ 2001-10-02 13:00 . 2012-01-18 02:16        69794              c:\windows\system32\perfc009.dat
- 2001-10-02 13:00 . 2011-11-08 14:37        69794              c:\windows\system32\perfc009.dat
+ 2001-10-02 13:00 . 2012-01-18 02:16        82740              c:\windows\system32\perfc007.dat
- 2001-10-02 13:00 . 2011-11-08 14:37        82740              c:\windows\system32\perfc007.dat
+ 2001-10-02 13:00 . 2011-10-14 14:47        23040              c:\windows\system32\mciseq.dll
- 2001-10-02 13:00 . 2008-04-14 06:52        23040              c:\windows\system32\mciseq.dll
+ 2011-11-20 06:12 . 2011-11-20 06:12        61952              c:\windows\system32\dllcache\packager.exe
+ 2011-10-14 14:47 . 2011-10-14 14:47        23040              c:\windows\system32\dllcache\mciseq.dll
+ 2011-12-25 02:49 . 2011-12-25 02:49        31504              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-01-18 02:20 . 2012-01-18 02:20        36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 01:06 . 2011-10-13 01:06        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2001-10-02 13:00 . 2011-10-14 14:47        178176              c:\windows\system32\winmm.dll
- 2001-10-02 13:00 . 2008-04-14 06:52        178176              c:\windows\system32\winmm.dll
+ 2000-07-14 22:00 . 2000-07-14 22:00        101888              c:\windows\system32\VB6STKIT.DLL
+ 2001-10-02 13:00 . 2012-01-18 02:16        438372              c:\windows\system32\perfh009.dat
- 2001-10-02 13:00 . 2011-11-08 14:37        438372              c:\windows\system32\perfh009.dat
+ 2001-10-02 13:00 . 2012-01-18 02:16        455018              c:\windows\system32\perfh007.dat
- 2001-10-02 13:00 . 2011-11-08 14:37        455018              c:\windows\system32\perfh007.dat
+ 2010-06-18 17:44 . 2011-11-25 21:57        293888              c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:44 . 2011-06-20 17:44        293888              c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47        178176              c:\windows\system32\dllcache\winmm.dll
- 2009-05-04 11:13 . 2009-08-25 09:17        354816              c:\windows\system32\dllcache\winhttp.dll
+ 2009-05-04 11:13 . 2011-11-16 14:21        354816              c:\windows\system32\dllcache\winhttp.dll
+ 2009-05-04 08:49 . 2011-11-16 14:21        152064              c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28        387072              c:\windows\system32\dllcache\qdvd.dll
+ 2011-12-25 02:49 . 2011-12-25 02:49        436496              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-12-25 04:40 . 2011-12-25 04:40        819200              c:\windows\Installer\8b55d2.msp
- 2009-01-05 20:16 . 2011-12-22 18:02        888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-01-18 02:20 . 2012-01-18 02:20        129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        771584              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-18 02:19 . 2012-01-18 02:19        842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-11-12 22:29 . 2011-11-03 15:28        1297920              c:\windows\system32\dllcache\quartz.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50        5246976              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-26 08:59 . 2011-12-26 08:59        4368896              c:\windows\Installer\8b55cb.msp
+ 2011-12-08 18:24 . 2011-12-08 18:24        4989952              c:\windows\Installer\8b55c1.msp
+ 2012-01-18 19:03 . 2012-01-18 19:03        3974656              c:\windows\Installer\50404.msi
- 2009-01-05 20:16 . 2011-12-22 18:02        1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-05 20:16 . 2011-12-22 18:02        1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-05 20:16 . 2012-01-18 02:14        1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-01-18 02:20 . 2012-01-18 02:20        7982592              c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\e209e1f002a2cb4adcf9168cf3d4d8bf\vjslib.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        2405888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19        1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20        1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19        1672192              c:\windows\assembly\NativeImages_v2.0.50727_32\MDL.Draw.Renderer\846c67520212da20347ad5133ed640f7\MDL.Draw.Renderer.ni.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-31 10:27 . 2011-08-31 10:27        1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-18 02:17 . 2012-01-18 02:17        1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 01:06 . 2011-10-13 01:06        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-18 02:15 . 2012-01-18 02:15        5246976              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 01:07 . 2011-10-13 01:07        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-18 02:16 . 2012-01-18 02:16        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-08-31 10:31 . 2011-10-13 01:07        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-05-06 00:52 . 2012-01-18 02:17        52128560              c:\windows\system32\MRT.exe
+ 2012-01-18 02:20 . 2012-01-18 02:20        11817472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19        17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-18 02:18 . 2012-01-18 02:18        10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Olympus ib"="c:\programme\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PivotSoftware"="c:\programme\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MDS_Menu"="c:\programme\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\programme\Olympus\ib\olycamdetect.exe" [2011-03-11 93360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-5-6 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43        69632        ------r-        c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
2007-08-10 12:38        81920        ----a-w-        c:\programme\Hercules\Deluxe Optical Glass\CamService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-10 10:08        16342528        ------r-        c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 07:16        528384        ----a-r-        c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-10-28 21:00        64048        ----a-w-        c:\programme\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Programme\\Messenger\\Msmsgs.exe"=
"c:\\Programme\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Programme\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
"c:\\spiele\\Steam\\Steam.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\VMLoad.exe"=
.
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.02.2011 01:00 27632]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.10.2011 08:08 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.10.2011 08:08 86224]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [17.11.2011 22:10 366152]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [28.10.2008 22:01 54960]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [04.11.2008 23:24 133504]
S3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [09.08.2011 19:16 23608]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [20.09.2009 23:07 94720]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [22.02.2011 01:00 13224]
S3 GSService;GSService;c:\windows\system32\GSService.exe [09.08.2011 19:16 1037824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.11.2011 22:10 22216]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [24.05.2011 13:53 13064]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [09.08.2011 19:16 243712]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29.10.2008 22:33 223128]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [14.10.2011 01:03 11520]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
LSP: c:\programme\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tde1ciq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-31 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,f5,9a,6e,df,d0,f4,04,92,6f,94,c0,6a,3d,49,b3,0e,6c,55,90,1b,a1,86,
  00,77,14,45,b0,e6,37,15,c6,c2,c7,3f,6e,f9,a4,5e,5b,c7,db,d6,f6,e9,20,45,c1,\
"??"=hex:8b,21,03,21,6c,ca,61,38,d3,ce,ea,23,c0,3d,37,a5
.
[HKEY_USERS\S-1-5-21-789336058-706699826-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8e,08,97,eb,46,bc,42,c6,3a,9e,5f,8b,82,c7,4d,6d,d3,dd,aa,6d,43,
  e1,d0,ed,fd,b1,35,f2,40,d5,06,9f,ee,45,cb,54,78,ef,62,6e,76,6a,00,82,fe,71,\
"rkeysecu"=hex:3b,81,60,20,73,b1,83,d6,33,0b,eb,89,a3,67,13,90
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c517&MI_01&Col01\7&1fbd9d30&0&0000\LogConf]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c517&MI_01&Col01\7&39e1c0b0&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2012-01-31  18:55:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-31 17:55
ComboFix2.txt  2011-12-30 20:18
.
Vor Suchlauf: 23 Verzeichnis(se), 18.792.034.304 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 22.445.928.448 Bytes frei
.
- - End Of File - - 636933E10A43F2403EB279575C55F3D7
--- --- ---

cosinus 31.01.2012 21:38
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

hanspans 01.02.2012 12:22
Verdammt, da ist wieder was. Das kommt wohl davon, wenn man sowas so lange hinzieht.. ich hab mich außerdem nicht ganz an die Reihenfolge gehalten, denn:

Gmer hat sofort wieder mbroot gemeldet, was mich ziemlich überrascht hat. Interessehalber hab ich dann den tdsskiller mal scannen lassen, weil der es ja schlussendlich entfernen konnte und danach auch nichts mehr gefunden hatte.
Hat er aber dann, und irgendwie auch sofort entfernt (!?). Es ist exakt der gleiche Befall wie beim letzten Mal.

22:03:07.0823 0188 Detected object count: 1
22:03:07.0823 0188 Actual detected object count: 1
22:03:28.0823 0188 \Device\Harddisk0\DR0\# - copied to quarantine
22:03:28.0823 0188 \Device\Harddisk0\DR0 - copied to quarantine
22:03:28.0823 0188 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
22:03:28.0823 0188 \Device\Harddisk0\DR0 - ok
22:03:28.0823 0188 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure

Vollständiges log ist angehängt.
Gmer hat danach (zwischendurch Neustart) aber trotzdem noch angeschlagen, aswMBR ebenfalls. Bei aswMBR ist es derselbe sector wie beim letzten Mal, bei Gmer ein anderer (gmer hatte aber auch beim letzten mal nur im safety mode angeschlagen), allerdings dieses Mal derselbe wie bei aswMBR.

Beim OSAM scan hab ich die OSAM unbekannten Dateien nicht hochgeladen, meintest du das mit "Online-Abfrage"?

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-01 09:02:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 SAMSUNG_HD502IJ rev.1AA01113
Running: 8jdp7j3b.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT  BA7C4D1C                                                                                                          ZwClose
SSDT  BA7C4CD6                                                                                                          ZwCreateKey
SSDT  BA7C4D26                                                                                                          ZwCreateSection
SSDT  BA7C4CCC                                                                                                          ZwCreateThread
SSDT  BA7C4CDB                                                                                                          ZwDeleteKey
SSDT  BA7C4CE5                                                                                                          ZwDeleteValueKey
SSDT  BA7C4D17                                                                                                          ZwDuplicateObject
SSDT  BA7C4CEA                                                                                                          ZwLoadKey
SSDT  BA7C4CB8                                                                                                          ZwOpenProcess
SSDT  BA7C4CBD                                                                                                          ZwOpenThread
SSDT  BA7C4D3F                                                                                                          ZwQueryValueKey
SSDT  BA7C4CF4                                                                                                          ZwReplaceKey
SSDT  BA7C4D30                                                                                                          ZwRequestWaitReplyPort
SSDT  BA7C4CEF                                                                                                          ZwRestoreKey
SSDT  BA7C4D2B                                                                                                          ZwSetContextThread
SSDT  BA7C4D35                                                                                                          ZwSetSecurityObject
SSDT  BA7C4CE0                                                                                                          ZwSetValueKey
SSDT  BA7C4D3A                                                                                                          ZwSystemDebugControl
SSDT  BA7C4CC7                                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2D6C                                                                              80504608 4 Bytes  [EA, 4C, 7C, BA]
.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                          section is writeable [0xB9578000, 0x235F87, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\WINDOWS\system32\winlogon.exe[848] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtLockProductActivationKeys]  [0500073E] C:\WINDOWS\system32\antiwpa.dll
IAT    C:\WINDOWS\system32\winlogon.exe[848] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!GetSystemMetrics]            [05000756] C:\WINDOWS\system32\antiwpa.dll

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250                                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                 
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                              0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                            0x0D 0x4E 0x23 0x20 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                 
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                              1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                            0xB5 0x82 0xC8 0xF0 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)                 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)             
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x0D 0x4E 0x23 0x20 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)             
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0xB5 0x82 0xC8 0xF0 ...

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0                                                                                            malicious Win32:MBRoot code @ sector 976752003

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:47:16 on 01.02.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[ ] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\WINDOWS\system32\autochk.exe

[Common]
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
"CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe
"WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl
"ALSndMgr.cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSndMgr.cpl
"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
"bthprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\bthprops.cpl
"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"firewall.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\firewall.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl
"inetcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl
"netsetup.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\netsetup.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl
"nwc.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nwc.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl
"RTSndMgr.cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"Folder Size" - "Brio" - C:\Programme\FolderSize\FolderSize.cpl
"Internet Connection Firewall" - "Microsoft Corporation" - C:\WINDOWS\system32\Firewall.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NetSetupWizard" - "Microsoft Corporation" - C:\WINDOWS\system32\NetSetup.cpl
"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AF9005 BDA Device" (AF05BDA) - "AfaTech                  " - C:\WINDOWS\System32\drivers\AF05BDA.sys
"AFD" (AFD) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\afd.sys
"AMD Low Level Device Driver" (AmdLLD) - "AMD, Inc." - C:\WINDOWS\System32\DRIVERS\AmdLLD.sys
"AMD-Prozessortreiber" (AmdK8) - "Advanced Micro Devices" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"Asynchroner RAS -Medientreiber" (AsyncMac) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
"ATI Function Driver for High Definition Audio Service" (HdAudAddService) - "ATI Research Inc." - C:\WINDOWS\System32\drivers\AtiHdAud.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"Audiostubtreiber" (audstub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\audstub.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"BDA MPE-Filter" (MPE) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\MPE.sys
"BDA Slip De-Framer" (SLIP) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\SLIP.sys
"BDA-IPSink" (streamip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\StreamIP.sys
"Beep" (Beep) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Beep.sys
"Bereitstellungspunkt-Manager" (MountMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\MountMgr.sys
"Bluetooth USB For Bluetooth Service" (Btcsrusb) - "IVT Corporation." - C:\WINDOWS\System32\Drivers\btcusb.sys
"Bluetooth-Anforderungsblocktreiber" (BthEnum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\BthEnum.sys
"Bluetooth-Gerät (PAN)" (BthPan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\bthpan.sys
"Bluetooth-Gerät (RFCOMM-Protokoll-TDI)" (RFCOMM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rfcomm.sys
"Bluetooth-Porttreiber" (BTHPORT) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\BTHport.sys
"CamdAudio" (CamdAudio) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\System32\drivers\CamdAudio.sys
"camfilt2" (camfilt2) - "Guillemot Corporation" - C:\WINDOWS\System32\DRIVERS\camfilt2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CD-ROM-Laufwerktreiber" (Cdrom) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\cdrom.sys
"Cdaudio" (Cdaudio) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdaudio.sys
"Cdfs" (Cdfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdfs.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Diskettencontrollertreiber" (Fdc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fdc.sys
"Diskettenlaufwerktreiber" (Flpydisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\flpydisk.sys
"dmload" (dmload) - "Microsoft Corp., Veritas Software." - C:\WINDOWS\System32\drivers\dmload.sys
"enodpl" (enodpl) - ? - C:\WINDOWS\System32\drivers\enodpl.sys  (File found, but it contains no detailed information)
"Filtertreiber für CD-Brennen" (Imapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\imapi.sys
"Filtertreiber für digitale CD-Audiowiedergabe" (redbook) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\redbook.sys
"Filtertreiber für IP-Verkehr" (IpFilterDriver) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
"Filtertreiber für IPX-Verkehr" (NwlnkFlt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
"Filtertreiber für Systemwiederherstellung" (sr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sr.sys
"Fips" (Fips) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fips.sys
"FltMgr" (FltMgr) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\fltmgr.sys
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fs_Rec.sys
"GMSIPCI" (GMSIPCI) - ? - D:\INSTALL\GMSIPCI.SYS  (File not found)
"Hercules Deluxe Optical Glass" (SNPSTD3) - "Sonix Co. Ltd." - C:\WINDOWS\System32\DRIVERS\snpstd3.sys
"HTTP" (HTTP) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\HTTP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
"IP/IP-Tunneltreiber" (IpInIp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipinip.sys
"IPSEC-Treiber" (IPSec) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipsec.sys
"IPv6-Windows-Firewalltreiber" (Ip6Fw) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\ip6fw.sys
"IR-Enumeratordienst" (IRENUM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irenum.sys
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\KSecDD.sys
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\disk.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouhid.sys
"Mausklassentreiber" (Mouclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouclass.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"Microcode Updatetreiber" (Update) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\update.sys
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPI.sys
"Microsoft HID Class-Treiber" (hidusb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\hidusb.sys
"Microsoft Kernel GS Wavetablesynthesizer" (swmidi) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\swmidi.sys
"Microsoft Kernel-Audiosplitter" (splitter) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\splitter.sys
"Microsoft Kernel-DLS-Synthesizer" (DMusic) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\DMusic.sys
"Microsoft Kernel-DRM-Audioentschlüsselung" (drmkaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\drmkaud.sys
"Microsoft Kernel-Echounterdrückung" (aec) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\aec.sys
"Microsoft Kernel-Systemaudiogerät" (sysaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\sysaudio.sys
"Microsoft Kernel-Waveaudiomixer" (kmixer) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\kmixer.sys
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPCLOCK.sys
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPQM.sys
"Microsoft SideWinder Value Add - Filtertreiber" (GcKernel) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\GcKernel.sys
"Microsoft SideWinder-Minitreiber für virtuelles HID-Gerät" (HIDSwvd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbccgp.sys
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSKSSRV.sys
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSTEE.sys
"Microsoft TV-/Videoverbindung" (NdisIP) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NdisIP.sys
"Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbehci.sys
"Miniporttreiber für Microsoft USB Open Host-Controller" (usbohci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbohci.sys
"mnmdd" (mnmdd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\mnmdd.sys
"Modem" (Modem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Modem.sys
"MRXSMB" (MRxSmb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
"Msfs" (Msfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Msfs.sys
"Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys
"NABTS/FEC VBI-Codec" (NABTSFEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
"NDIS-Benutzermodus-E/A-Protokoll" (Ndisuio) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
"NDIS-Systemtreiber" (NDIS) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDIS.sys
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDProxy.sys
"NetBios über TCP/IP" (NetBT) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbt.sys
"NetBIOS-Schnittstelle" (NetBIOS) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbios.sys
"Npfs" (Npfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Npfs.sys
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Ntfs.sys
"Null" (Null) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Null.sys
"Parallelanschluss (direkt)" (Raspti) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspti.sys
"Partitions-Manager" (PartMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\PartMgr.sys
"ParVdm" (ParVdm) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ParVdm.sys
"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCIIde" (PCIIde) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pciide.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pivot" (Pivot) - "Portrait Displays, Inc." - C:\WINDOWS\System32\drivers\pivot.sys
"Pivot Mouse/Pointers Filter Driver" (pivotmou) - "Portrait Displays, Inc." - C:\WINDOWS\system32\drivers\pivotmou.sys
"PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys
"Portrait Displays low level device driver" (PdiPorts) - "Portrait Displays, Inc." - C:\WINDOWS\System32\Drivers\PdiPorts.sys
"Protokoll für ATM ARP-Client" (Atmarpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
"Prozessortreiber" (Processor) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\processr.sys
"prwntdrv" (prwntdrv) - ? - C:\WINDOWS\system32\prwntdrv.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QoS-Paketplaner" (PSched) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\psched.sys
"RAS-IP-ARP-Treiber" (Wanarp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wanarp.sys
"RAS-NDIS-TAPI-Treiber" (NdisTapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
"RAS-NDIS-WAN-Treiber" (NdisWan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
"Rdbss" (Rdbss) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdbss.sys
"RDPCDD" (RDPCDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
"RDPWD" (RDPWD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\RDPWD.sys
"Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver" (RTLE8023xp) - "Realtek Semiconductor Corporation                          " - C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys
"Redirector für WebDav-Client" (MRxDAV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
"Remotezugriff-PPPOE-Treiber" (RasPppoe) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys
"SEMC USB Flash Driver" (ggsemc) - "Sony Ericsson Mobile Communications" - C:\WINDOWS\System32\DRIVERS\ggsemc.sys
"SEMC USB Flash Driver Filter" (ggflt) - "Sony Ericsson Mobile Communications" - C:\WINDOWS\System32\DRIVERS\ggflt.sys
"Serenum-Filtertreiber" (serenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\serenum.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\RtkHDAud.sys
"Sfloppy" (Sfloppy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Sfloppy.sys
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\swenum.sys
"Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM)" (s116mgmt) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116mgmt.sys
"Sony Ericsson Device 116 driver (WDM)" (s116bus) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116bus.sys
"Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)" (s116nd5) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116nd5.sys
"Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)" (s116unic) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116unic.sys
"Sony Ericsson Device 116 USB WMC Modem Driver" (s116mdm) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116mdm.sys
"Sony Ericsson Device 116 USB WMC Modem Filter" (s116mdfl) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116mdfl.sys
"Sony Ericsson Device 116 USB WMC OBEX Interface" (s116obex) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116obex.sys
"Sony Ericsson seehcri Device Driver" (seehcri) - "Sony Ericsson Mobile Communications" - C:\WINDOWS\System32\DRIVERS\seehcri.sys
"Srv" (Srv) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\srv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys
"Standardpaketklassifizierung" (Gpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\msgpc.sys
"tandpl" (tandpl) - ? - C:\WINDOWS\System32\drivers\tandpl.sys  (File found, but it contains no detailed information)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdhid.sys
"Tastaturklassentreiber" (Kbdclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDPIPE.sys
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDTCP.sys
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\termdd.sys
"Treiber für automatische RAS-Verbindung" (RasAcd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasacd.sys
"Treiber für die Verwaltung logischer Datenträger" (dmio) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\drivers\dmio.sys
"Treiber für direkte Parallelverbindung" (Ptilink) - "Parallel Technologies, Inc." - C:\WINDOWS\System32\DRIVERS\ptilink.sys
"Treiber für IPX-Verkehrsweiterleitung" (NwlnkFwd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
"Treiber für Microsoft WINMM-WDM-Audiokompatibilität" (wdmaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\wdmaud.sys
"Treiber für parallelen Anschluss" (Parport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\parport.sys
"Treiber für seriellen Anschluss" (Serial) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\serial.sys
"Treiber für Terminalserver-Geräteumleitung" (rdpdr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdpdr.sys
"Treiber für Volume-Manager" (Ftdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ftdisk.sys
"Untertiteldecoder" (CCDECODE) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
"USB-Audiotreiber (WDM)" (usbaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\usbaudio.sys
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
"USB-Scannertreiber" (usbscan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbscan.sys
"USB-Treiber für Bluetooth-Funkgerät" (BTHUSB) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\BTHUSB.sys
"USB2-aktivierter Hub" (usbhub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbhub.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys
"VGA-Anzeigecontroller." (VgaSave) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\vga.sys
"VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\WINDOWS\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmci.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys
"VolSnap" (VolSnap) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\VolSnap.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vstor2-ws60.sys
"WAN-Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
"WAN-Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspptp.sys
"WD SCSI Pass Thru driver" (WDC_SAM) - "Western Digital Technologies" - C:\WINDOWS\System32\DRIVERS\wdcsam.sys
"Wdf01000" (Wdf01000) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\Wdf01000.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Windows Socket 2.0 Non-IFS Service Provider Support Environment" (WS2IFSL) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\ws2ifsl.sys
"World Standard Teletext-Codec" (WSTCODEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
"Übersetzer für IP-Netzwerkadressen" (IpNat) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipnat.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{04DAAD08-70EF-450E-834A-DCFAF9B48748} "{04DAAD08-70EF-450E-834A-DCFAF9B48748}" - "Brio" - C:\Programme\FolderSize\FolderSizeColumn.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcomm.dll
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - C:\Programme\Outlook Express\wabfind.dll
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\occache.dll
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -  (File not found | COM-object registry key not found)
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll
{7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll
{7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - C:\WINDOWS\system32\dfsshlex.dll
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\photowiz.dll
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
{1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll
{4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\dssec.dll
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\extmgr.dll
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{EFA24E62-B078-11d0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{25336920-03f9-11cf-8fd0-00aa00686f13} "HTML Document" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - C:\WINDOWS\system32\hticons.dll
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - C:\WINDOWS\system32\cabview.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - "Microsoft Corporation" - C:\WINDOWS\system32\SlayerXP.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll
{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} "MHTML Document" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - C:\WINDOWS\msagent\agentpsh.dll
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll
{6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -  (File not found | COM-object registry key not found)
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -  (File not found | COM-object registry key not found)
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop.dll
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{654D0431-C930-43C4-B8DA-9AA01BA5B486} "PDI GUI Engine COM Obj" - "Portrait Displays, Inc" - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HtmlEngine.dll
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{9DB7A13C-F208-4981-8353-73CC61AE2783} "Previous Versions" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll
{596AB062-B4D2-4215-9F74-E9109B0A8153} "Previous Versions Property Page" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\remotepg.dll
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\system32\wshext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Shell Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225197551362
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll / hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225197402253
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Programme\Messenger\Msgslang.dll,-61144" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe
"Exec" - "Microsoft Corporation" - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{38E51477-DDB4-4aed-9D61-D0C193E10749} "Rip YouTube File" - ? - C:\Programme\MelodyCan\YouTubeRipper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\WINDOWS\system32\advapi32.dll
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll
"gdi32" - "Microsoft Corporation" - C:\WINDOWS\system32\gdi32.dll
"imagehlp" - "Microsoft Corporation" - C:\WINDOWS\system32\imagehlp.dll
"kernel32" - "Microsoft Corporation" - C:\WINDOWS\system32\kernel32.dll
"lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll
"oleaut32" - "Microsoft Corporation" - C:\WINDOWS\system32\oleaut32.dll
"olecli32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecli32.dll
"olecnv32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecnv32.dll
"olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll
"olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll
"rpcrt4" - "Microsoft Corporation" - C:\WINDOWS\system32\rpcrt4.dll
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll
"urlmon" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll
"version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll
"wininet" - "Microsoft Corporation" - C:\WINDOWS\system32\wininet.dll
"wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Notification packages" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\kerberos.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\wdigest.dll
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msapsspc.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msnsspc.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Olympus ib" - "OLYMPUS IMAGING CORP." - "C:\Programme\Olympus\ib\olycamdetect.exe" /Startup
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"amd_dc_opt" - "AMD" - C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BluetoothAuthenticationAgent" - "Microsoft Corporation" - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DT HPW" - ? - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -HPW  (File found, but it contains no detailed information)
"Kernel and Hardware Abstraction Layer" - "Logitech, Inc." - KHALMNPR.EXE
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MDS_Menu" - "CyberLink Corp." - "C:\Programme\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Programme\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
"Olympus ib" - "OLYMPUS IMAGING CORP." - "C:\Programme\Olympus\ib\olycamdetect.exe" /Startup
"PivotSoftware" - "Portrait Displays, Inc." - "C:\Programme\Portrait Displays\Pivot Software\wpctrl.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Windows-Netzwerk" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll
"Microsoft-Terminaldienste" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll
"Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\cnbjmon.dll
"Local Port" - "Microsoft Corporation" - C:\WINDOWS\system32\localspl.dll
"PJL Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\pjlmon.dll
"Standard TCP/IP Port" - "Microsoft Corporation" - C:\WINDOWS\system32\tcpmon.dll
"USB Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\usbmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe
"Anmeldedienst" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Anwendungsverwaltung" (AppMgmt) - "Microsoft Corporation" - C:\WINDOWS\System32\appmgmts.dll
"Arbeitsstationsdienst" (lanmanworkstation) - "Microsoft Corporation" - C:\WINDOWS\System32\wkssvc.dll
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll
"Automatische Konfiguration (verkabelt)" (Dot3svc) - "Microsoft Corporation" - C:\WINDOWS\System32\dot3svc.dll
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Support Service" (BthServ) - "Microsoft Corporation" - C:\WINDOWS\System32\bthserv.dll
"COM+-Ereignissystem" (EventSystem) - "Microsoft Corporation" - C:\WINDOWS\system32\es.dll
"COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"Computerbrowser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll
"CryptSvc" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll
"DCOM-Server-Prozessstart" (DcomLaunch) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll
"Designs" (Themes) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"DHCP-Client" (Dhcp) - "Microsoft Corporation" - C:\WINDOWS\System32\dhcpcsvc.dll
"Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\MsPMSNSv.dll
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe
"DNS-Client" (Dnscache) - "Microsoft Corporation" - C:\WINDOWS\System32\dnsrslvr.dll
"Druckwarteschlange" (Spooler) - "Microsoft Corporation" - C:\WINDOWS\system32\spoolsv.exe
"Ereignisprotokoll" (Eventlog) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"Extensible Authentication-Protokolldienst" (EapHost) - "Microsoft Corporation" - C:\WINDOWS\System32\eapsvc.dll
"Fehlerberichterstattungsdienst" (ERSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\ersvc.dll
"Folder Size" (FolderSize) - "Brio" - C:\Programme\FolderSize\FolderSizeSvc.exe
"Gatewaydienst auf Anwendungsebene" (ALG) - "Microsoft Corporation" - C:\WINDOWS\System32\alg.exe
"Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"GSService" (GSService) - ? - C:\WINDOWS\system32\GSService.exe  (File found, but it contains no detailed information)
"HID Input Service" (HidServ) - "Microsoft Corporation" - C:\WINDOWS\System32\hidserv.dll
"Hilfe und Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
"HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\w3ssl.dll
"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\system32\imapi.exe
"Indexdienst" (CiSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\cisvc.exe
"Integritätsschlüssel- und Zertifikatverwaltungsdienst" (hkmsvc) - "Microsoft Corporation" - C:\WINDOWS\System32\kmsvc.dll
"Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - C:\WINDOWS\system32\qmgr.dll
"IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Kompatibilität für schnelle Benutzerumschaltung" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Konfigurationsfreie drahtlose Verbindung" (WZCSVC) - "Microsoft Corporation" - C:\WINDOWS\System32\wzcsvc.dll
"Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"NAP-Agent (Network Access Protection)" (napagent) - "Microsoft Corporation" - C:\WINDOWS\System32\qagentrt.dll
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe
"Netzwerkverbindungen" (Netman) - "Microsoft Corporation" - C:\WINDOWS\System32\netman.dll
"Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - C:\WINDOWS\System32\xmlprov.dll
"NLA (Network Location Awareness)" (Nla) - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Plug & Play" (PlugPlay) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"Portrait Displays Display Tune Service" (DTSRVC) - ? - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe  (File found, but it contains no detailed information)
"QoS-RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\system32\rsvp.exe
"RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll
"Remote-Registrierung" (RemoteRegistry) - "Microsoft Corporation" - C:\WINDOWS\system32\regsvc.dll
"Remoteprozeduraufruf (RPC)" (RpcSs) - "Microsoft Corporation" - C:\WINDOWS\System32\rpcss.dll
"RPC-Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\system32\locator.exe
"Secondary Logon" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll
"Server" (lanmanserver) - "Microsoft Corporation" - C:\WINDOWS\System32\srvsvc.dll
"Shellhardwareerkennung" (ShellHWDetection) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Sicherheitscenter" (wscsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wscsvc.dll
"Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe
"Smartcard" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe
"SMServer" (SMServer) - "SMServer" - C:\WINDOWS\system32\snmvtsvc.exe
"SSDP-Suchdienst" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll
"Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll
"Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - C:\WINDOWS\system32\srsvc.dll
"Taskplaner" (Schedule) - "Microsoft Corporation" - C:\WINDOWS\system32\schedsvc.dll
"TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll
"Telefonie" (TapiSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\tapisrv.dll
"Telnet" (TlntSvr) - "Microsoft Corporation" - C:\WINDOWS\system32\tlntsvr.exe
"Terminaldienste" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv.dll
"Treibererweiterungen für Windows-Verwaltungsinstrumentation" (Wmi) - "Microsoft Corporation" - C:\WINDOWS\System32\advapi32.dll
"Universeller Plug & Play-Gerätehost" (upnphost) - "Microsoft Corporation" - C:\WINDOWS\System32\upnphost.dll
"Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe
"Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll
"Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll
"Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-ufad.exe
"Volumeschattenkopie" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe
"Webclient" (WebClient) - "Microsoft Corporation" - C:\WINDOWS\System32\webclnt.dll
"Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll
"Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows-Bilderfassung (WIA)" (stisvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wiaservc.dll
"Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll
"Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll
"Windows-Zeitgeber" (W32Time) - "Microsoft Corporation" - C:\WINDOWS\system32\w32time.dll
"WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\wmiapsrv.exe
"Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\WINDOWS\system32\fdeploy.dll
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - "Microsoft Corporation" - C:\WINDOWS\system32\appmgmts.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"Antiwpa" - ? - C:\WINDOWS\system32\antiwpa.dll
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Bluetooth-Namespace" - "Microsoft Corporation" - C:\WINDOWS\system32\wshbth.dll
"NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll
"TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0709CF3C-9E2C-478F-99B5-30B97CA91745}] DATAGRAM 12" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0709CF3C-9E2C-478F-99B5-30B97CA91745}] SEQPACKET 12" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A199CEA-760A-44BB-8A36-93956AFDB2EF}] DATAGRAM 14" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A199CEA-760A-44BB-8A36-93956AFDB2EF}] SEQPACKET 14" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B51A8A5-1808-4D8E-BF30-973BE656CE95}] DATAGRAM 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B51A8A5-1808-4D8E-BF30-973BE656CE95}] SEQPACKET 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{133A85F3-90C1-470B-926E-F570BCC95CA7}] DATAGRAM 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{133A85F3-90C1-470B-926E-F570BCC95CA7}] SEQPACKET 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{3CA80FA3-CF9A-4125-A516-D34D0FE6E469}] DATAGRAM 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{3CA80FA3-CF9A-4125-A516-D34D0FE6E469}] SEQPACKET 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A87CC3B-4C2D-4A87-B66E-7BD9CD79579B}] DATAGRAM 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A87CC3B-4C2D-4A87-B66E-7BD9CD79579B}] SEQPACKET 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{841CDB03-0D68-49E2-94F3-4AF89C09B111}] DATAGRAM 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{841CDB03-0D68-49E2-94F3-4AF89C09B111}] SEQPACKET 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{91902120-CA1B-489D-8C65-798BD782B1C6}] DATAGRAM 11" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{91902120-CA1B-489D-8C65-798BD782B1C6}] SEQPACKET 11" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A036A73C-F651-4245-A36D-0A56FFC783B5}] DATAGRAM 9" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A036A73C-F651-4245-A36D-0A56FFC783B5}] SEQPACKET 9" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81140B4-FFD3-4F9E-BB9A-E574BF86ACFD}] DATAGRAM 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81140B4-FFD3-4F9E-BB9A-E574BF86ACFD}] SEQPACKET 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8AF8042-36A8-4F29-BCFC-34B4234AEC13}] DATAGRAM 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8AF8042-36A8-4F29-BCFC-34B4234AEC13}] SEQPACKET 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE959B5E-06BD-42AE-A729-0C10F24384ED}] DATAGRAM 10" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE959B5E-06BD-42AE-A729-0C10F24384ED}] SEQPACKET 10" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7CBDE37-DA11-4BB2-9E62-6C61BDB2CD26}] DATAGRAM 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7CBDE37-DA11-4BB2-9E62-6C61BDB2CD26}] SEQPACKET 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{EED0E989-008A-4522-AB61-45E8E791C447}] DATAGRAM 13" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{EED0E989-008A-4522-AB61-45E8E791C447}] SEQPACKET 13" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC65D341-6F05-481C-8A9E-66AD024B29E7}] DATAGRAM 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC65D341-6F05-481C-8A9E-66AD024B29E7}] SEQPACKET 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD RfComm [Bluetooth]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 11:47:58
-----------------------------
11:47:58.281 OS Version: Windows 5.1.2600 Service Pack 3
11:47:58.281 Number of processors: 2 586 0x4303
11:47:58.281 ComputerName: SMN UserName:
11:47:59.593 Initialize success
11:49:58.281 AVAST engine defs: 12020100
11:50:23.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
11:50:23.718 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
11:50:25.734 Disk 0 MBR read successfully
11:50:25.734 Disk 0 MBR scan
11:50:25.750 Disk 0 Windows XP default MBR code
11:50:25.750 Disk 0 scanning sectors +976752000
11:50:25.765 Disk 0 malicious Win32:MBRoot code @ sector 976752003 !
11:50:25.812 Disk 0 scanning C:\WINDOWS\system32\drivers
11:50:33.156 Service scanning
11:50:33.406 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
11:50:33.984 Modules scanning
11:50:36.796 Disk 0 trace - called modules:
11:50:36.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:50:36.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a55cab8]
11:50:36.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a581258]
11:50:36.843 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0x8a55a318]
11:50:37.671 AVAST engine scan C:\WINDOWS
11:50:55.906 AVAST engine scan C:\WINDOWS\system32
11:52:19.234 AVAST engine scan C:\WINDOWS\system32\drivers
11:52:36.078 AVAST engine scan C:\Dokumente und Einstellungen\***
11:55:38.312 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
11:55:38.328 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

cosinus 01.02.2012 13:23
Live-System PartedMagic / GParted

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

http://partedmagic.com/lib/exe/fetch...ia=desktop.png

4. Du müsstest ein Symbol PartitionEditor auf dem Desktop finden, das doppelklicken
5. Wenn das Tool die Partitionen aufgelistet hat, bitte einen Screenshot mit Hilfe der Taste DRUCK auf der Tastatur erstellen, diesen Screenshot hier posten (idR hast du einen Internetzugang mit PartedMagic, wenn nicht einfach den Screenshot auf einem Stick abspeichern und unter Windows hier posten)

hanspans 01.02.2012 14:16
Liste der Anhänge anzeigen (Anzahl: 1)
texttexttext.. oja, :dankeschoen:

cosinus 01.02.2012 15:07
Also der MBR ist ok, da scheint wohl nur noch bösartiger Code als Überrest in einem Sektor zu schlummern, der keiner Partition zugewiesen ist. Befindet sich irgendwo in dem nicht zugeordneten Bereich (dieses 10 MB Häppchen was GParted dir da anzeigt)

genauer: malicious Win32:MBRoot code @ sector 976752003 !

Sektor 976.752.003, jeder Sektor hat eine Größe von 512 Bytes also scheint so ziemlich am letzten Bereich der Platte die bösartiger Code zu sitzen.

Klick in GParted den unteren Bereich an und sag neue Partition, FAT => ok, Aktionen übernehmen
Wenn das nicht geht einfach das 10MB Häppchen anklicken => Info
Das Info Fenster offen lassen, Screenshot machen und hier poste

hanspans 01.02.2012 15:58
Liste der Anhänge anzeigen (Anzahl: 1)
Also mit 'unterer Bereich' meinst du das 10 MB Haeppchen, oder? Das laesst sich nicht auf FAT formatieren. Screenshot haengt an.
Und wenn das wirklich nur noch Reste sind, warum ist das dann wieder neu aufgetaucht?

cosinus 02.02.2012 09:36
Möchtest du den überschreiben lassen?

Wenn ja dann bitte jetzt sorgfältig lesen und zuerst eine Sicherung aller Daten machen! Wenn die Sicherung erfolgte alle Sicherungsmedien vom Computer physikalisch trennen!

Wie gesagt was jetzt folgt und du hast Datenverluste seist du jetzt nochmal ausdrücklich gewarnt, alles richtig umzusetzen und vorher alles wichtige auf externe Platten zu sichern. Wenn du sicher bist, dass alle wichtige Daten in Sicherheit sind und die externen Datenträger auch nicht mehr am Rechner angeschlossen sind, dann fahre fort wir folgt:

Öffne das Terminal in PartedMagic. Ist unten in der Quicklaunch der schwarze Monitor. Eine schwarze Konsole öffnet sich. Tipp dort ein (du solltest root@partedmagic in der Zeile lesen können)

WARNUNG: Folgender Befehl auf eigene Gefahr! Für Datenverluste nicht rumheulen und wer das mitliest soll den Befehl ebenfalls nicht so ausführen!!

Bitte lieber eher 3x als 2x prüfen ob du alles so richtig eingetippt hast NACH der Datensicherung:

Code:
dd if=/dev/zero of=/dev/sda seek=976752001 bs=512
Wenn du dir sicher bist das genau so eingetippt zu haben wie es da bei mir steht, dann drücke die Eingabetaste. Es dauert nicht lange, dann hast du wieder die Zeile und sinngemäß so etwas wie

21168+0 Datensätze ein
21168+0 Datensätze aus

Wenn das so rauskaum (können auch 21167 statt 21168 sein) wurden die letzten 21168 Sekoren (und damit auch der bösartige Code in diesem unzugeordneten Bereich) auf der Platte mit Nullen überschrieben; starte den Rechner neu und boote Windows.
Mach dort einen neuen scan mit aswMBR und poste wieder das Log.

cosinus 05.02.2012 22:26
Hallo,

benötigst Du noch weiterhin Hilfe?
Sollte ich innerhalb der nächsten 3 Tage keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.
Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19