Trojaner-Board - BKA-National Cyber Crime Unite hat zugeschlagen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3 (https://www.trojaner-board.de/111984-bka-national-cyber-crime-unite-hat-zugeschlagen-winxp-sp3.html)

BKA-National Cyber Crime Unite hat zugeschlagen - winXP Sp3

Beim surfen habe ich mir diese lästige Malware (?) eingefangen.
Naja, nichts desto trotz, folgende Symptome:
Vollständiger Bildschirm mit der "BKA - National Cyber Crime Unite" Meldung und Geld-Überweisungs-Aufforderung.
Taskmanager war auch deaktivert, habe ich wieder hergestellt. Ansonst, sobald das Fenster aufgeht, kann ich keine Bedienung mehr vornehmen, alles verschwindet im Hintergrund.
win XP, SP3, x86

"Malwarebytes Anti-Malware" bereits einmal vollständig (Administrator-Acc) und direkt nach dem Neustart noch einmal per "Quickscan" (Benutzer-Admin-Acc) ausgeführt.

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.20.07
 

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 8.0.6001.18702

Administrator :: DIDDI [Administrator]
 

20.03.2012 19:19:30

mbam-log-2012-03-20 (19-19-30).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 284585

Laufzeit: 52 Minute(n), 24 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|7906 (Spyware.Zeus) -> Daten: C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmnax.com -> Löschen bei Neustart.
 

Infizierte Dateiobjekte der Registrierung: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Dokumente und Einstellungen\All Users\Local Settings\Temp\msdubmnax.com (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Database version: v2012.03.20.07
 

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

*** :: DIDDI [administrator]
 

20.03.2012 20:19:13

mbam-log-2012-03-20 (20-19-13).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206368

Time elapsed: 6 minute(s), 54 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

Gescannt und mit selbigem Tool die jeweils gefundenen Baustellen bereinigt.
danach habe ich auch schon mit OTL gescannt, entsprechende Logs:

OTL Logfile:

Code:

 OTL logfile created on: 20.03.2012 20:42:05 - Run 1

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

511,48 Mb Total Physical Memory | 364,08 Mb Available Physical Memory | 71,18% Memory free

1,22 Gb Paging File | 1,15 Gb Available in Paging File | 94,21% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 55,88 Gb Total Space | 25,21 Gb Free Space | 45,12% Space Free | Partition Type: NTFS

 

Computer Name: DIDDI | User Name: *** | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.20 20:20:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe

PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.04.14 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2011.08.30 20:54:18 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\server\Apache2\bin\httpd.exe -- (Apache2.2)

SRV - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) [Auto | Stopped] -- C:\Programme\Iomega Storage Manager\pCloudd.exe -- (PCloudd)

SRV - [2011.07.13 20:57:18 | 008,155,648 | ---- | M] () [Auto | Stopped] -- C:\server\mysql\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)

SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2008.04.14 07:53:02 | 000,073,796 | ---- | M] (Smart Link) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.12.22 21:24:20 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.09.08 18:56:24 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2011.09.08 18:56:24 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

DRV - [2011.08.06 02:14:36 | 000,017,488 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vNICdrv.sys -- (vNICdrv)

DRV - [2009.02.25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

DRV - [2008.04.13 23:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2008.04.13 23:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [2008.04.13 23:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)

DRV - [2008.04.13 23:53:44 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)

DRV - [2008.04.13 23:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)

DRV - [2008.04.13 23:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2008.04.13 23:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

DRV - [2003.06.16 10:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)

DRV - [2003.04.30 15:59:40 | 000,259,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL B/G)

DRV - [2003.04.16 07:04:46 | 000,151,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) Realtek RTL8180 Wireless LAN (Mini-)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\SearchScopes,DefaultScope = {3719E125-EA2F-4967-89A7-7FFC964A42E6}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}: "URL" = hxxp://www.google.de/#hl=de&xhr=t&q={searchTerms}&cp=4&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g5&aql=&oq={searchTerms}&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=4fc01e6c7e157942&biw=792&bih=439

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.08 09:30:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.08.02 17:59:43 | 000,000,000 | ---D | M]

 

[2011.12.08 09:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)

O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RtlWake.lnk = C:\Programme\Realtek\Rtl8180\FRtlWake.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: NameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.07.22 10:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell - "" = AutoRun

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun\command - "" = G:\iStudio.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - Services: "SCardSvr"

MsConfig - Services: "JavaQuickStarterService"

MsConfig - Services: "idsvc"

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 0

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.20 20:18:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2012.03.20 19:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.03.20 19:17:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.03.15 22:55:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.03.15 21:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012.03.14 23:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\kodak

[2012.03.14 23:53:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings

[2012.02.21 21:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intelli-studio

[2012.02.21 21:09:24 | 000,000,000 | ---D | C] -- C:\Programme\Samsung

[2011.11.13 10:29:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpeA.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.20 20:17:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.20 20:16:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.03.20 19:17:32 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.15 23:08:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2012.03.15 23:05:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012.03.15 23:01:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.03.15 22:55:08 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.03.15 22:48:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.03.15 00:29:44 | 000,521,644 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.03.15 00:29:44 | 000,497,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.03.15 00:29:44 | 000,102,980 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.03.15 00:29:44 | 000,085,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.03.14 23:52:39 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.20 19:17:32 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.16 22:22:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.02.04 10:43:22 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND

[2011.11.21 21:21:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.11.12 14:20:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2011.11.12 13:26:51 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini

[2011.08.10 20:57:47 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.08 19:09:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc

[2011.08.01 19:03:27 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\AdvCfgRes.dll

[2011.08.01 19:03:27 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\CfgResDll.dll

[2011.08.01 19:03:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\WakeResDll.dll

[2011.08.01 19:03:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\XpCfgRes.dll

[2011.08.01 19:03:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\oemdel.exe

[2011.08.01 19:03:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\killpro.exe

[2011.07.31 13:08:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll

[2011.07.29 12:45:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.07.23 20:23:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2011.07.23 20:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\atiiprxx.exe

[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2011.07.23 20:22:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2011.07.23 20:22:22 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2011.07.23 20:22:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

[2011.07.23 20:22:13 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

[2011.07.22 13:47:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.07.22 11:16:13 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.07.22 11:14:38 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.07.22 10:36:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.07.22 10:27:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

 
 ========== LOP Check ==========

 

[2011.11.13 10:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software

[2011.12.22 21:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2011.09.17 19:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL

[2011.08.02 18:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\B+P Heyer

[2011.12.22 21:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2011.08.01 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software

[2011.08.09 13:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GHISLER

[2011.08.09 19:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant

[2012.02.04 08:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL

[2011.09.17 20:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++

[2012.03.14 23:52:39 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2011.11.12 12:38:32 | 000,000,000 | ---D | M] -- C:\71439a01b4cc00583019

[2011.11.12 14:10:48 | 000,000,000 | ---D | M] -- C:\ATI

[2011.11.12 13:43:42 | 000,000,000 | ---D | M] -- C:\directx

[2012.03.15 00:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2011.08.11 13:12:45 | 000,000,000 | ---D | M] -- C:\dvd

[2011.08.09 20:22:28 | 000,000,000 | ---D | M] -- C:\Medion

[2012.03.20 19:17:30 | 000,000,000 | R--D | M] -- C:\Programme

[2012.03.15 22:57:41 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2012.01.20 19:22:31 | 000,000,000 | ---D | M] -- C:\serie

[2011.09.22 20:33:29 | 000,000,000 | --SD | M] -- C:\server

[2011.09.22 20:35:22 | 000,000,000 | ---D | M] -- C:\site

[2011.07.22 13:52:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.08.09 13:26:14 | 000,000,000 | ---D | M] -- C:\totalcmd

[2012.03.15 23:07:43 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2011.07.22 12:13:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2011.07.22 12:13:56 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2011.07.22 12:13:55 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %USERPROFILE%\*.* >

[2012.03.19 20:35:13 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT

[2012.03.20 20:44:23 | 000,724,992 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT.LOG

[2012.03.19 20:35:14 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.02.03 10:57:08 | 001,860,224 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 

< End of report >

OTL Extra:

Code:

OTL Extras logfile created on: 20.03.2012 20:42:05 - Run 1

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

511,48 Mb Total Physical Memory | 364,08 Mb Available Physical Memory | 71,18% Memory free

1,22 Gb Paging File | 1,15 Gb Available in Paging File | 94,21% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 55,88 Gb Total Space | 25,21 Gb Free Space | 45,12% Space Free | Partition Type: NTFS

 

Computer Name: DIDDI | User Name: *** | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU

"{0355CF40-97AF-9CDD-7282-BF151AEE724B}" = ccc-core-static

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{090C73E1-BB48-403D-9DFF-A60FD71FF73A}" = MySQL Connector J

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU

"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0

"{2306AB02-DE01-1366-BCFF-41D1197CF42E}" = ccc-utility

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E203CAF-230D-5275-C15B-517273593359}" = Catalyst Control Center Core Implementation

"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types

"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7

"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{65EAB391-4B36-59AA-0336-D0C4BEB6CD2F}" = CCC Help English

"{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2

"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.20

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{953F4AF6-25A4-2419-0A5D-FCA262FEF85E}" = Catalyst Control Center Graphics Full New

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B9A129AB-CA6B-4CD1-B55C-792722E2B947}" = MySQL Installer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C583CEE0-56CD-4545-9BA9-9042EE1FC9E0}" = Realtek RTL8180 Wireless LAN (Mini-)PCI Driver & Utility

"{C59C4A56-8560-4E3B-AA5D-BDCED4F110E7}" = MySQL Documents

"{C6A83D5C-636B-83F9-CEA4-9E2A31C4F509}" = ccc-core-preinstall

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{DCB7474F-F85C-2196-700A-C69692895D00}" = Catalyst Control Center Graphics Full Existing

"{E392F35A-A82B-4DA8-91AF-4B90FE404025}" = Heyer's Sudoku-Generator 1

"{E3ABB4CC-1DC5-4430-BC49-D86AB708A9B8}" = MySQL Workbench 5.2 CE

"{E929D860-AB8D-4AC0-8B7F-8DB5D65E46D0}" = MySQL Server 5.5

"{EA5D652F-EC02-D5E8-6887-CE9EE1C9846F}" = Skins

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231

"{F53503A3-41B3-4327-A5C0-B058AB72B90D}" = MySQL Examples and Samples 5.5

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F88E77C7-846D-73D9-7B33-0AF6A5F5FD1B}" = Catalyst Control Center Graphics Light

"{FD753E57-1F44-41E6-B962-E01D76676206}" = MySQL Connector C++ 1.1.0

"5513-1208-7298-9440" = JDownloader 0.9

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"Assistant" = Assistant 5.05.010

"ATI Display Driver" = ATI Display Driver

"DAEMON Tools Lite" = DAEMON Tools Lite

"Foxit Reader_is1" = Foxit Reader 5.0

"Hauppauge WinTV2000" = Hauppauge WinTV2000

"ie8" = Windows Internet Explorer 8

"Iomega Storage Manager" = Iomega Storage Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU

"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU

"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)

"MultiRes (remove only)" = MultiRes (remove only)

"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition

"Notepad++" = Notepad++

"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools

"Totalcmd" = Total Commander (Remove or Repair)

"Update Engine" = Sony Ericsson Update Engine

"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program

"VLC media player" = VLC media player 1.1.11

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"WinRAR archiver" = WinRAR 4.01 (32-Bit)

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 15.03.2012 17:04:42 | Computer Name = DIDDI | Source = MySQL | ID = 100

Description = Can't find messagefile 'C:\WINDOWS\system32\ erver\mysql\MySQL Server

 5.5\share\errmsg.sys'    For more information, see Help and Support Center at hxxp://www.mysql.com.
 
 

 

Error - 15.03.2012 17:04:46 | Computer Name = DIDDI | Source = MySQL | ID = 100

Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.
 
 

 

Error - 15.03.2012 17:46:07 | Computer Name = DIDDI | Source = Apache Service | ID = 3299

Description = The Apache service named  reported the following error:  >>> [Thu Mar

 15 22:46:07 2012] [warn] The Alias directive in C:/server/Apache2/conf/extra/httpd-autoindex.conf

 at line 20 will probably never match because it overlaps an earlier Alias.     

.

 

Error - 15.03.2012 17:46:07 | Computer Name = DIDDI | Source = Apache Service | ID = 3299

Description = The Apache service named  reported the following error:  >>> httpd.exe:

 Could not reliably determine the server's fully qualified domain name, using 127.0.0.1

 for ServerName     .

 

Error - 15.03.2012 17:46:12 | Computer Name = DIDDI | Source = MySQL | ID = 100

Description = Can't find messagefile 'C:\WINDOWS\system32\ erver\mysql\MySQL Server

 5.5\share\errmsg.sys'    For more information, see Help and Support Center at hxxp://www.mysql.com.
 
 

 

Error - 15.03.2012 17:46:16 | Computer Name = DIDDI | Source = MySQL | ID = 100

Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.
 
 

 

Error - 15.03.2012 18:08:18 | Computer Name = DIDDI | Source = Apache Service | ID = 3299

Description = The Apache service named  reported the following error:  >>> [Thu Mar

 15 23:08:18 2012] [warn] The Alias directive in C:/server/Apache2/conf/extra/httpd-autoindex.conf

 at line 20 will probably never match because it overlaps an earlier Alias.     

.

 

Error - 15.03.2012 18:08:18 | Computer Name = DIDDI | Source = Apache Service | ID = 3299

Description = The Apache service named  reported the following error:  >>> httpd.exe:

 Could not reliably determine the server's fully qualified domain name, using 127.0.0.1

 for ServerName     .

 

Error - 15.03.2012 18:08:23 | Computer Name = DIDDI | Source = MySQL | ID = 100

Description = Can't find messagefile 'C:\WINDOWS\system32\ erver\mysql\MySQL Server

 5.5\share\errmsg.sys'    For more information, see Help and Support Center at hxxp://www.mysql.com.
 
 

 

Error - 15.03.2012 18:08:30 | Computer Name = DIDDI | Source = MySQL | ID = 100

Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.
 
 

 

[ System Events ]

Error - 20.03.2012 15:34:23 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:32 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:32 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:32 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:33 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:33 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20.03.2012 15:34:40 | Computer Name = DIDDI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

 

< End of report >

bestimmt könnt ihr mir helfen

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ca47c898e61cbf4d84fbe85d9bf54754

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-21 09:08:36

# local_time=2012-03-21 10:08:36 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 3804 3804 0 0

# scanned=79756

# found=3

# cleaned=0

# scan_time=5017

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44\2924cbac-34ef80fe        a variant of Java/Exploit.Blacole.AN trojan (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\xs0nfffy.default\Cache\7\26\91DC9d01        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\xs0nfffy.default\Cache\F\B8\FB5C7d01        JS/Kryptik.JN trojan (unable to clean)        00000000000000000000000000000000        I

Funktioniert der normale Modus eigentlich mittlerweile?

Jepp, ging bereits nach der Entfernung mittels Malwarebytes Anti-Malware

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

So, hier nun der OTL Log

OTL Logfile:

Code:

OTL logfile created on: 22.03.2012 18:17:12 - Run 2

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

511,48 Mb Total Physical Memory | 263,25 Mb Available Physical Memory | 51,47% Memory free

1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,31% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 55,88 Gb Total Space | 25,55 Gb Free Space | 45,72% Space Free | Partition Type: NTFS

 

Computer Name: DIDDI | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.20 20:20:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe

PRC - [2011.08.30 20:54:18 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\server\Apache2\bin\httpd.exe

PRC - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) -- C:\Programme\Iomega Storage Manager\pCloudd.exe

PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008.04.14 07:53:02 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe

PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2003.03.06 12:07:10 | 000,716,800 | ---- | M] () -- C:\Programme\Realtek\Rtl8180\RtlWake.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.21 21:06:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll

MOD - [2012.02.21 21:03:56 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll

MOD - [2012.02.17 17:58:13 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll

MOD - [2012.02.17 17:58:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll

MOD - [2012.02.17 17:57:42 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll

MOD - [2012.02.17 17:55:33 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll

MOD - [2012.02.17 17:52:01 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2011.11.12 15:08:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll

MOD - [2011.11.12 14:32:08 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:08 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3343.28200__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:08 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3343.28213__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:07 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3343.28338__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:07 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3343.28315__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:07 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3343.28309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:07 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3343.28213__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:07 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3343.28281__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:07 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:06 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3343.28242__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:06 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3343.28339__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:06 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3343.28242__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:05 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:05 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3343.28289__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:03 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3343.28265__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:03 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3343.28301__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:02 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3343.28215__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:02 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:02 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:02 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:01 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3343.28310__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:01 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:01 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll

MOD - [2011.11.12 14:32:01 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3343.28237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll

MOD - [2011.11.12 14:32:01 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3343.28236__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3343.28279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2011.11.12 14:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2011.11.12 14:32:00 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2011.11.12 14:31:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2011.11.12 14:31:58 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2011.11.12 14:31:58 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2011.11.12 14:31:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2011.11.12 14:31:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2011.11.12 14:31:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2011.11.12 14:31:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2011.11.12 14:31:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2011.11.12 14:31:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll

MOD - [2011.11.12 14:31:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll

MOD - [2011.11.12 14:31:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2011.11.12 14:31:56 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2011.11.12 14:31:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2011.11.12 14:31:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll

MOD - [2011.11.12 14:31:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll

MOD - [2011.11.12 14:31:54 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3343.28368__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll

MOD - [2011.11.12 14:31:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3343.28347__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2011.11.12 14:31:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2011.11.12 14:31:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2011.11.12 14:31:54 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2011.11.12 14:31:54 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3343.28197__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2011.11.12 14:31:53 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3343.28321__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2011.11.12 14:31:53 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2011.11.12 14:31:53 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2011.11.12 14:31:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2011.11.12 14:31:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2011.11.12 14:31:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2011.11.12 14:31:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2011.11.12 14:31:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2011.11.12 14:31:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2011.11.12 14:31:53 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2011.11.12 14:31:52 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3343.28198__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2011.11.12 14:31:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2011.11.12 14:31:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2011.11.12 14:31:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2011.11.12 14:31:51 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3343.28207__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2011.11.12 14:31:51 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3343.28199__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2011.11.12 14:31:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3343.28198__90ba9c70f846762e\APM.Server.dll

MOD - [2011.11.12 14:31:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3343.28197__90ba9c70f846762e\AEM.Server.dll

MOD - [2011.11.12 14:31:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2011.11.12 14:31:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2011.11.12 14:31:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2011.11.12 14:31:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2011.11.12 14:24:38 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2011.07.22 13:42:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2011.07.22 13:41:52 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

MOD - [2003.03.06 12:07:10 | 000,716,800 | ---- | M] () -- C:\Programme\Realtek\Rtl8180\RtlWake.exe

MOD - [2003.01.13 19:17:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\WakeResDll.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2011.08.30 20:54:18 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\server\Apache2\bin\httpd.exe -- (Apache2.2)

SRV - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Programme\Iomega Storage Manager\pCloudd.exe -- (PCloudd)

SRV - [2011.07.13 20:57:18 | 008,155,648 | ---- | M] () [Auto | Stopped] -- C:\server\mysql\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)

SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2008.04.14 07:53:02 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.12.22 21:24:20 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.09.08 18:56:24 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2011.09.08 18:56:24 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

DRV - [2011.08.06 02:14:36 | 000,017,488 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vNICdrv.sys -- (vNICdrv)

DRV - [2009.02.25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

DRV - [2008.04.13 23:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2008.04.13 23:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [2008.04.13 23:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)

DRV - [2008.04.13 23:53:44 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)

DRV - [2008.04.13 23:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)

DRV - [2008.04.13 23:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2008.04.13 23:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

DRV - [2003.06.16 10:05:40 | 000,369,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)

DRV - [2003.04.30 15:59:40 | 000,259,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL B/G)

DRV - [2003.04.16 07:04:46 | 000,151,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) Realtek RTL8180 Wireless LAN (Mini-)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes,DefaultScope = {3719E125-EA2F-4967-89A7-7FFC964A42E6}

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}: "URL" = hxxp://www.google.de/#hl=de&xhr=t&q={searchTerms}&cp=4&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g5&aql=&oq={searchTerms}&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=4fc01e6c7e157942&biw=792&bih=439

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.08 09:30:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.08.02 17:59:43 | 000,000,000 | ---D | M]

 

[2011.12.08 09:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.12 18:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)

O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RtlWake.lnk = C:\Programme\Realtek\Rtl8180\FRtlWake.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: NameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.07.22 10:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell - "" = AutoRun

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun\command - "" = G:\iStudio.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - Services: "SCardSvr"

MsConfig - Services: "JavaQuickStarterService"

MsConfig - Services: "idsvc"

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 0

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\nuvision.ax (Zoran Ltd.)

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.21 20:41:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.03.20 20:18:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2012.03.20 19:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.03.20 19:17:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.03.20 19:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.03.15 22:55:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.03.15 21:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012.03.14 23:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\kodak

[2012.03.14 23:53:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings

[2012.02.21 21:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intelli-studio

[2012.02.21 21:09:24 | 000,000,000 | ---D | C] -- C:\Programme\Samsung

[2011.11.13 10:29:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpeA.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.22 18:18:27 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job

[2012.03.22 18:16:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.22 18:14:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.03.22 00:44:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.03.20 19:17:32 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.15 23:08:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2012.03.15 23:05:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012.03.15 22:55:08 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.03.15 22:48:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.03.15 00:29:44 | 000,521,644 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.03.15 00:29:44 | 000,497,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.03.15 00:29:44 | 000,102,980 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.03.15 00:29:44 | 000,085,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.20 19:17:32 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.16 22:22:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.02.04 10:43:22 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND

[2011.11.21 21:21:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.11.12 14:20:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2011.11.12 13:26:51 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini

[2011.08.10 20:57:47 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.08 19:09:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc

[2011.08.01 19:03:27 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\AdvCfgRes.dll

[2011.08.01 19:03:27 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\CfgResDll.dll

[2011.08.01 19:03:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\WakeResDll.dll

[2011.08.01 19:03:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\XpCfgRes.dll

[2011.08.01 19:03:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\oemdel.exe

[2011.08.01 19:03:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\killpro.exe

[2011.07.31 13:08:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll

[2011.07.29 12:45:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.07.23 20:23:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2011.07.23 20:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\atiiprxx.exe

[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2011.07.23 20:22:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2011.07.23 20:22:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2011.07.23 20:22:22 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2011.07.23 20:22:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

[2011.07.23 20:22:13 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

[2011.07.22 13:47:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.07.22 11:16:13 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.07.22 11:14:38 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.07.22 10:36:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.07.22 10:27:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

 
 ========== LOP Check ==========

 

[2011.11.13 10:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software

[2011.12.22 21:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2011.09.17 19:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL

[2011.08.02 18:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\B+P Heyer

[2011.12.22 21:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2011.08.01 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software

[2011.08.09 13:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GHISLER

[2011.08.09 19:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant

[2012.02.04 08:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL

[2011.09.17 20:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++

[2012.03.22 18:18:27 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.22 16:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe

[2011.11.12 14:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI

[2011.08.02 18:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\B+P Heyer

[2011.12.22 21:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2011.12.22 21:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss

[2011.08.01 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software

[2011.08.09 13:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GHISLER

[2011.08.09 19:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant

[2011.07.22 10:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities

[2012.02.21 21:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intelli-studio

[2012.03.14 23:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\kodak

[2012.02.04 08:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.07.22 10:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia

[2012.03.20 20:18:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011.08.09 21:04:47 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft

[2011.12.08 09:31:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla

[2011.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL

[2011.09.17 20:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++

[2012.03.15 23:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype

[2011.07.22 13:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun

[2011.12.21 18:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc

[2011.08.09 13:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.08.09 20:12:57 | 000,046,080 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant\Library\E883F460-FD1C-47BD-B0DC-D7BBF8DD9A8D\AutoRunCE.exe

[2011.08.09 20:12:57 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant\Library\E883F460-FD1C-47BD-B0DC-D7BBF8DD9A8D\0\module.exe

[2011.08.09 20:13:05 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant\Library\E883F460-FD1C-47BD-B0DC-D7BBF8DD9A8D\1\module.exe

[2012.02.04 08:16:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe

[2011.09.17 18:59:30 | 000,287,934 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{B9A129AB-CA6B-4CD1-B55C-792722E2B947}\InstallerIcon.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2011.07.22 12:13:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2011.07.22 12:13:56 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2011.07.22 12:13:55 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

[/code]

ich hatte noch keine Zeit drüber zu schauen, ist das System erst einmal bereinigt?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes,DefaultScope = {3719E125-EA2F-4967-89A7-7FFC964A42E6}

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\..\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}: "URL" = http://www.google.de/#hl=de&xhr=t&q={searchTerms}&cp=4&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g5&aql=&oq={searchTerms}&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=4fc01e6c7e157942&biw=792&bih=439

O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.07.22 10:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell - "" = AutoRun

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\Shell\AutoRun\command - "" = G:\iStudio.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:



All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3719E125-EA2F-4967-89A7-7FFC964A42E6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3719E125-EA2F-4967-89A7-7FFC964A42E6}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.

C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1960408961-1935655697-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e28ffd40-5cc7-11e1-a90b-00030d06db25}\ not found.

File G:\iStudio.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 180224 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 18657227 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: ***

->Temp folder emptied: 270710124 bytes

->Temporary Internet Files folder emptied: 678880961 bytes

->Java cache emptied: 75576 bytes

->FireFox cache emptied: 194293619 bytes

->Flash cache emptied: 4630 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2352202 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 469415 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1.112,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.1 log created on 03262012_154713
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

also, das tool hat noch einiges gefunden, aber von den 5 kann ich ja schon 4 ausschließen, was das andere ist, weiß ich momentan noch nicht

Code:

22:01:05.0479 1828        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

22:01:05.0639 1828        ============================================================

22:01:05.0639 1828        Current date / time: 2012/03/26 22:01:05.0639

22:01:05.0639 1828        SystemInfo:

22:01:05.0639 1828        

22:01:05.0639 1828        OS Version: 5.1.2600 ServicePack: 3.0

22:01:05.0639 1828        Product type: Workstation

22:01:05.0639 1828        ComputerName: DIDDI

22:01:05.0639 1828        UserName: ***

22:01:05.0639 1828        Windows directory: C:\WINDOWS

22:01:05.0639 1828        System windows directory: C:\WINDOWS

22:01:05.0639 1828        Processor architecture: Intel x86

22:01:05.0639 1828        Number of processors: 1

22:01:05.0639 1828        Page size: 0x1000

22:01:05.0639 1828        Boot type: Normal boot

22:01:05.0639 1828        ============================================================

22:01:08.0793 1828        Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

22:01:08.0823 1828        \Device\Harddisk0\DR0:

22:01:08.0823 1828        MBR used

22:01:08.0823 1828        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80

22:01:08.0863 1828        Initialize success

22:01:08.0863 1828        ============================================================

22:01:27.0670 1836        ============================================================

22:01:27.0670 1836        Scan started

22:01:27.0670 1836        Mode: Manual; SigCheck; TDLFS; 

22:01:27.0670 1836        ============================================================

22:01:28.0141 1836        Abiosdsk - ok

22:01:28.0251 1836        abp480n5 - ok

22:01:28.0341 1836        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:01:31.0546 1836        ACPI - ok

22:01:31.0806 1836        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

22:01:32.0067 1836        ACPIEC - ok

22:01:32.0277 1836        adpu160m - ok

22:01:32.0718 1836        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:01:33.0018 1836        aec - ok

22:01:33.0289 1836        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:01:33.0369 1836        AFD - ok

22:01:33.0689 1836        Aha154x - ok

22:01:33.0799 1836        aic78u2 - ok

22:01:33.0829 1836        aic78xx - ok

22:01:33.0899 1836        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

22:01:34.0170 1836        Alerter - ok

22:01:34.0340 1836        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

22:01:34.0420 1836        ALG - ok

22:01:34.0630 1836        AliIde - ok

22:01:34.0781 1836        AmdK7           (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys

22:01:35.0051 1836        AmdK7 - ok

22:01:35.0221 1836        amsint - ok

22:01:35.0311 1836        Apache2.2       (fcd4f674b0091b6b6d18420df5342941) C:\server\Apache2\bin\httpd.exe

22:01:35.0331 1836        Apache2.2 ( UnsignedFile.Multi.Generic ) - warning

22:01:35.0331 1836        Apache2.2 - detected UnsignedFile.Multi.Generic (1)

22:01:35.0612 1836        AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll

22:01:35.0722 1836        AppMgmt - ok

22:01:35.0972 1836        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:01:36.0253 1836        Arp1394 - ok

22:01:36.0543 1836        asc - ok

22:01:36.0754 1836        asc3350p - ok

22:01:36.0974 1836        asc3550 - ok

22:01:37.0194 1836        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

22:01:37.0244 1836        aspnet_state - ok

22:01:37.0575 1836        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:01:37.0845 1836        AsyncMac - ok

22:01:38.0115 1836        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:01:38.0356 1836        atapi - ok

22:01:38.0586 1836        Atdisk - ok

22:01:38.0736 1836        Ati HotKey Poller (2a27a3a8634fb9e29f539d6d3ed3646a) C:\WINDOWS\system32\Ati2evxx.exe

22:01:38.0897 1836        Ati HotKey Poller - ok

22:01:39.0187 1836        ATI Smart       (72810c6a63076a480abce0e0ba0bc981) C:\WINDOWS\system32\ati2sgag.exe

22:01:39.0297 1836        ATI Smart ( UnsignedFile.Multi.Generic ) - warning

22:01:39.0297 1836        ATI Smart - detected UnsignedFile.Multi.Generic (1)

22:01:40.0048 1836        ati2mtag        (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:01:40.0569 1836        ati2mtag - ok

22:01:40.0839 1836        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:01:41.0110 1836        Atmarpc - ok

22:01:41.0330 1836        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

22:01:41.0611 1836        AudioSrv - ok

22:01:41.0831 1836        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:01:42.0121 1836        audstub - ok

22:01:42.0372 1836        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:01:42.0652 1836        Beep - ok

22:01:42.0862 1836        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

22:01:43.0293 1836        BITS - ok

22:01:43.0593 1836        Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

22:01:43.0683 1836        Bridge - ok

22:01:43.0694 1836        BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

22:01:43.0764 1836        BridgeMP - ok

22:01:43.0974 1836        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

22:01:44.0284 1836        Browser - ok

22:01:44.0585 1836        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:01:44.0835 1836        cbidf2k - ok

22:01:45.0096 1836        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:01:45.0406 1836        CCDECODE - ok

22:01:45.0636 1836        cd20xrnt - ok

22:01:45.0897 1836        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:01:46.0197 1836        Cdaudio - ok

22:01:46.0488 1836        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:01:46.0748 1836        Cdfs - ok

22:01:46.0958 1836        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:01:47.0299 1836        Cdrom - ok

22:01:47.0559 1836        Changer - ok

22:01:47.0659 1836        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

22:01:47.0890 1836        CiSvc - ok

22:01:48.0070 1836        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

22:01:48.0380 1836        ClipSrv - ok

22:01:48.0581 1836        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:01:48.0591 1836        clr_optimization_v2.0.50727_32 - ok

22:01:48.0721 1836        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:01:48.0781 1836        clr_optimization_v4.0.30319_32 - ok

22:01:49.0021 1836        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

22:01:49.0322 1836        CmBatt - ok

22:01:49.0612 1836        CmdIde - ok

22:01:49.0822 1836        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

22:01:50.0163 1836        Compbatt - ok

22:01:50.0323 1836        COMSysApp - ok

22:01:50.0383 1836        Cpqarray - ok

22:01:50.0583 1836        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

22:01:50.0864 1836        CryptSvc - ok

22:01:51.0064 1836        dac2w2k - ok

22:01:51.0094 1836        dac960nt - ok

22:01:51.0194 1836        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

22:01:51.0304 1836        DcomLaunch - ok

22:01:51.0685 1836        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

22:01:51.0935 1836        Dhcp - ok

22:01:52.0196 1836        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:01:52.0436 1836        Disk - ok

22:01:52.0706 1836        dmadmin - ok

22:01:52.0847 1836        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

22:01:53.0187 1836        dmboot - ok

22:01:53.0498 1836        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

22:01:53.0738 1836        dmio - ok

22:01:54.0008 1836        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:01:54.0329 1836        dmload - ok

22:01:54.0579 1836        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

22:01:54.0860 1836        dmserver - ok

22:01:55.0130 1836        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:01:55.0460 1836        DMusic - ok

22:01:55.0721 1836        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

22:01:55.0781 1836        Dnscache - ok

22:01:56.0001 1836        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

22:01:56.0252 1836        Dot3svc - ok

22:01:56.0552 1836        dpti2o - ok

22:01:56.0812 1836        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:01:57.0103 1836        drmkaud - ok

22:01:57.0393 1836        dtsoftbus01     (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

22:01:57.0443 1836        dtsoftbus01 - ok

22:01:57.0674 1836        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

22:01:57.0984 1836        EapHost - ok

22:01:58.0214 1836        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

22:01:58.0475 1836        ERSvc - ok

22:01:58.0885 1836        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

22:01:58.0935 1836        Eventlog - ok

22:01:59.0176 1836        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

22:01:59.0256 1836        EventSystem - ok

22:01:59.0616 1836        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:01:59.0917 1836        Fastfat - ok

22:02:00.0137 1836        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

22:02:00.0177 1836        FastUserSwitchingCompatibility - ok

22:02:00.0578 1836        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

22:02:00.0868 1836        Fdc - ok

22:02:01.0079 1836        FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

22:02:01.0319 1836        FETNDIS - ok

22:02:01.0559 1836        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

22:02:01.0810 1836        Fips - ok

22:02:02.0070 1836        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

22:02:02.0310 1836        Flpydisk - ok

22:02:02.0631 1836        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

22:02:02.0941 1836        FltMgr - ok

22:02:03.0172 1836        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:02:03.0182 1836        FontCache3.0.0.0 - ok

22:02:03.0452 1836        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:02:03.0752 1836        Fs_Rec - ok

22:02:04.0013 1836        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:02:04.0253 1836        Ftdisk - ok

22:02:04.0533 1836        ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys

22:02:04.0554 1836        ggflt - ok

22:02:04.0844 1836        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

22:02:04.0864 1836        ggsemc - ok

22:02:05.0074 1836        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:02:05.0365 1836        Gpc - ok

22:02:05.0585 1836        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:02:05.0815 1836        helpsvc - ok

22:02:05.0935 1836        HidServ - ok

22:02:06.0076 1836        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

22:02:06.0346 1836        hkmsvc - ok

22:02:06.0566 1836        hpn - ok

22:02:06.0857 1836        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:02:06.0957 1836        HTTP - ok

22:02:07.0227 1836        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

22:02:07.0548 1836        HTTPFilter - ok

22:02:07.0758 1836        i2omgmt - ok

22:02:07.0778 1836        i2omp - ok

22:02:07.0858 1836        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:02:08.0119 1836        i8042prt - ok

22:02:08.0449 1836        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:02:08.0719 1836        idsvc - ok

22:02:08.0980 1836        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:02:09.0290 1836        Imapi - ok

22:02:09.0591 1836        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

22:02:09.0831 1836        ImapiService - ok

22:02:10.0051 1836        ini910u - ok

22:02:10.0162 1836        IntelIde - ok

22:02:10.0232 1836        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

22:02:10.0532 1836        Ip6Fw - ok

22:02:10.0722 1836        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:02:10.0963 1836        IpFilterDriver - ok

22:02:11.0213 1836        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:02:11.0503 1836        IpInIp - ok

22:02:11.0764 1836        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:02:12.0014 1836        IpNat - ok

22:02:12.0295 1836        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:02:12.0575 1836        IPSec - ok

22:02:12.0815 1836        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:02:12.0906 1836        IRENUM - ok

22:02:13.0176 1836        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:02:13.0376 1836        isapnp - ok

22:02:13.0807 1836        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe

22:02:13.0827 1836        JavaQuickStarterService - ok

22:02:14.0097 1836        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:02:14.0398 1836        Kbdclass - ok

22:02:14.0758 1836        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:02:15.0039 1836        kmixer - ok

22:02:15.0259 1836        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:02:15.0339 1836        KSecDD - ok

22:02:15.0599 1836        LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

22:02:15.0680 1836        LanmanServer - ok

22:02:15.0940 1836        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

22:02:16.0020 1836        lanmanworkstation - ok

22:02:16.0240 1836        lbrtfdc - ok

22:02:16.0561 1836        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

22:02:16.0821 1836        LmHosts - ok

22:02:16.0951 1836        MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

22:02:16.0981 1836        MDM - ok

22:02:17.0212 1836        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

22:02:17.0462 1836        Messenger - ok

22:02:17.0722 1836        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:02:17.0983 1836        mnmdd - ok

22:02:18.0213 1836        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

22:02:18.0423 1836        mnmsrvc - ok

22:02:18.0744 1836        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

22:02:19.0034 1836        Modem - ok

22:02:19.0305 1836        MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

22:02:19.0505 1836        MODEMCSA - ok

22:02:19.0785 1836        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:02:20.0096 1836        Mouclass - ok

22:02:20.0376 1836        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:02:20.0607 1836        MountMgr - ok

22:02:20.0837 1836        mraid35x - ok

22:02:21.0107 1836        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:02:21.0408 1836        MRxDAV - ok

22:02:21.0688 1836        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:02:21.0808 1836        MRxSmb - ok

22:02:22.0039 1836        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

22:02:22.0339 1836        MSDTC - ok

22:02:22.0750 1836        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:02:22.0960 1836        Msfs - ok

22:02:23.0130 1836        MSIServer - ok

22:02:23.0250 1836        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:02:23.0551 1836        MSKSSRV - ok

22:02:23.0821 1836        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:02:24.0032 1836        MSPCLOCK - ok

22:02:24.0292 1836        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:02:24.0592 1836        MSPQM - ok

22:02:24.0893 1836        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:02:25.0053 1836        mssmbios - ok

22:02:25.0303 1836        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:02:25.0604 1836        MSTEE - ok

22:02:25.0844 1836        Mtlmnt5         (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys

22:02:26.0084 1836        Mtlmnt5 - ok

22:02:26.0415 1836        Mtlstrm         (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys

22:02:26.0826 1836        Mtlstrm - ok

22:02:27.0116 1836        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:02:27.0186 1836        Mup - ok

22:02:27.0386 1836        MySQL55 - ok

22:02:27.0657 1836        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:02:27.0957 1836        NABTSFEC - ok

22:02:28.0187 1836        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

22:02:28.0448 1836        napagent - ok

22:02:28.0738 1836        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:02:29.0029 1836        NDIS - ok

22:02:29.0289 1836        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:02:29.0499 1836        NdisIP - ok

22:02:29.0770 1836        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:02:29.0850 1836        NdisTapi - ok

22:02:30.0170 1836        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:02:30.0431 1836        Ndisuio - ok

22:02:30.0701 1836        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:02:30.0931 1836        NdisWan - ok

22:02:31.0202 1836        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:02:31.0272 1836        NDProxy - ok

22:02:31.0562 1836        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:02:31.0833 1836        NetBIOS - ok

22:02:32.0113 1836        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:02:32.0343 1836        NetBT - ok

22:02:32.0614 1836        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

22:02:32.0834 1836        NetDDE - ok

22:02:32.0854 1836        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

22:02:33.0085 1836        NetDDEdsdm - ok

22:02:33.0325 1836        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:02:33.0525 1836        Netlogon - ok

22:02:33.0776 1836        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

22:02:34.0026 1836        Netman - ok

22:02:34.0436 1836        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

22:02:35.0158 1836        NetTcpPortSharing - ok

22:02:35.0828 1836        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:02:36.0179 1836        NIC1394 - ok

22:02:36.0910 1836        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

22:02:36.0970 1836        Nla - ok

22:02:37.0461 1836        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:02:37.0731 1836        Npfs - ok

22:02:38.0222 1836        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:02:38.0713 1836        Ntfs - ok

22:02:39.0133 1836        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:02:39.0324 1836        NtLmSsp - ok

22:02:40.0014 1836        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

22:02:41.0256 1836        NtmsSvc - ok

22:02:41.0777 1836        NtMtlFax        (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys

22:02:42.0087 1836        NtMtlFax - ok

22:02:42.0508 1836        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:02:42.0748 1836        Null - ok

22:02:43.0129 1836        NuVision        (9817088c20df6d6f82b36dd2ba4992ad) C:\WINDOWS\system32\DRIVERS\NUVision.sys

22:02:43.0209 1836        NuVision ( UnsignedFile.Multi.Generic ) - warning

22:02:43.0219 1836        NuVision - detected UnsignedFile.Multi.Generic (1)

22:02:43.0730 1836        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:02:44.0060 1836        NwlnkFlt - ok

22:02:44.0561 1836        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:02:44.0912 1836        NwlnkFwd - ok

22:02:45.0282 1836        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:02:45.0552 1836        ohci1394 - ok

22:02:45.0773 1836        OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

22:02:45.0803 1836        OMSI download service ( UnsignedFile.Multi.Generic ) - warning

22:02:45.0803 1836        OMSI download service - detected UnsignedFile.Multi.Generic (1)

22:02:45.0893 1836        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

22:02:45.0903 1836        ose - ok

22:02:46.0193 1836        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

22:02:46.0494 1836        Parport - ok

22:02:46.0834 1836        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:02:47.0055 1836        PartMgr - ok

22:02:47.0295 1836        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

22:02:47.0565 1836        ParVdm - ok

22:02:47.0836 1836        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

22:02:48.0076 1836        PCI - ok

22:02:48.0276 1836        PCIDump - ok

22:02:48.0387 1836        PCIIde - ok

22:02:48.0677 1836        PCloudd         (e3993fd134812e55fc8885d924d46d58) C:\Programme\Iomega Storage Manager\pCloudd.exe

22:02:48.0727 1836        PCloudd ( UnsignedFile.Multi.Generic ) - warning

22:02:48.0727 1836        PCloudd - detected UnsignedFile.Multi.Generic (1)

22:02:48.0997 1836        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

22:02:49.0278 1836        Pcmcia - ok

22:02:50.0049 1836        PDCOMP - ok

22:02:50.0339 1836        PDFRAME - ok

22:02:50.0560 1836        PDRELI - ok

22:02:50.0780 1836        PDRFRAME - ok

22:02:50.0990 1836        perc2 - ok

22:02:51.0211 1836        perc2hib - ok

22:02:51.0461 1836        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

22:02:51.0501 1836        PlugPlay - ok

22:02:51.0741 1836        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:02:51.0972 1836        PolicyAgent - ok

22:02:52.0442 1836        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:02:52.0853 1836        PptpMiniport - ok

22:02:53.0744 1836        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:02:53.0995 1836        ProtectedStorage - ok

22:02:54.0846 1836        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:02:55.0236 1836        PSched - ok

22:02:55.0737 1836        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:02:55.0997 1836        Ptilink - ok

22:02:56.0218 1836        ql1080 - ok

22:02:56.0248 1836        Ql10wnt - ok

22:02:56.0278 1836        ql12160 - ok

22:02:56.0298 1836        ql1240 - ok

22:02:56.0328 1836        ql1280 - ok

22:02:56.0408 1836        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:02:56.0648 1836        RasAcd - ok

22:02:56.0859 1836        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

22:02:57.0089 1836        RasAuto - ok

22:02:57.0349 1836        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:02:57.0550 1836        Rasl2tp - ok

22:02:57.0810 1836        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

22:02:58.0080 1836        RasMan - ok

22:02:58.0351 1836        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:02:58.0571 1836        RasPppoe - ok

22:02:58.0832 1836        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:02:59.0102 1836        Raspti - ok

22:02:59.0372 1836        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:02:59.0613 1836        Rdbss - ok

22:02:59.0873 1836        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:03:00.0143 1836        RDPCDD - ok

22:03:00.0474 1836        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:03:00.0684 1836        rdpdr - ok

22:03:00.0945 1836        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

22:03:01.0005 1836        RDPWD - ok

22:03:01.0265 1836        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

22:03:01.0575 1836        RDSessMgr - ok

22:03:03.0028 1836        RecAgent        (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys

22:03:03.0238 1836        RecAgent - ok

22:03:03.0508 1836        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:03:03.0769 1836        redbook - ok

22:03:04.0159 1836        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

22:03:04.0460 1836        RemoteAccess - ok

22:03:04.0730 1836        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll

22:03:04.0970 1836        RemoteRegistry - ok

22:03:05.0251 1836        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

22:03:05.0491 1836        RpcLocator - ok

22:03:05.0802 1836        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

22:03:05.0882 1836        RpcSs - ok

22:03:06.0142 1836        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

22:03:06.0422 1836        RSVP - ok

22:03:06.0763 1836        rtl8180         (ed90eb06fcfb05dd4cdbe240b4b8122e) C:\WINDOWS\system32\DRIVERS\RTL8180.SYS

22:03:06.0873 1836        rtl8180 - ok

22:03:07.0103 1836        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys

22:03:07.0123 1836        s0016bus - ok

22:03:07.0374 1836        s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys

22:03:07.0394 1836        s0016mdfl - ok

22:03:07.0784 1836        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys

22:03:07.0794 1836        s0016mdm - ok

22:03:08.0045 1836        s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys

22:03:08.0065 1836        s0016mgmt - ok

22:03:08.0305 1836        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys

22:03:08.0315 1836        s0016nd5 - ok

22:03:08.0606 1836        s0016obex       (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys

22:03:08.0626 1836        s0016obex - ok

22:03:08.0916 1836        s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys

22:03:08.0936 1836        s0016unic - ok

22:03:09.0166 1836        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:03:09.0437 1836        SamSs - ok

22:03:09.0677 1836        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

22:03:09.0887 1836        SCardSvr - ok

22:03:10.0138 1836        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

22:03:10.0438 1836        Schedule - ok

22:03:10.0759 1836        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:03:10.0829 1836        Secdrv - ok

22:03:11.0059 1836        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

22:03:11.0299 1836        seclogon - ok

22:03:11.0620 1836        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

22:03:11.0860 1836        SENS - ok

22:03:12.0121 1836        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

22:03:12.0381 1836        Serial - ok

22:03:12.0732 1836        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:03:12.0912 1836        Sfloppy - ok

22:03:13.0182 1836        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

22:03:13.0493 1836        SharedAccess - ok

22:03:14.0043 1836        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

22:03:14.0063 1836        ShellHWDetection - ok

22:03:14.0284 1836        Simbad - ok

22:03:14.0434 1836        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:03:14.0674 1836        SLIP - ok

22:03:14.0905 1836        Slntamr         (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys

22:03:15.0095 1836        Slntamr - ok

22:03:15.0465 1836        SlNtHal         (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys

22:03:15.0746 1836        SlNtHal - ok

22:03:15.0746 1836        SLService - ok

22:03:16.0026 1836        SlWdmSup        (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

22:03:16.0207 1836        SlWdmSup - ok

22:03:16.0397 1836        Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

22:03:16.0417 1836        Sony Ericsson PCCompanion - ok

22:03:16.0697 1836        Sparrow - ok

22:03:16.0948 1836        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:03:17.0248 1836        splitter - ok

22:03:17.0478 1836        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

22:03:17.0568 1836        Spooler - ok

22:03:17.0849 1836        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

22:03:17.0959 1836        sr - ok

22:03:18.0199 1836        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

22:03:18.0340 1836        srservice - ok

22:03:18.0700 1836        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:03:18.0810 1836        Srv - ok

22:03:19.0061 1836        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

22:03:19.0171 1836        SSDPSRV - ok

22:03:19.0441 1836        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

22:03:19.0692 1836        stisvc - ok

22:03:19.0922 1836        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:03:20.0162 1836        streamip - ok

22:03:20.0503 1836        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:03:20.0753 1836        swenum - ok

22:03:21.0033 1836        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:03:21.0264 1836        swmidi - ok

22:03:21.0434 1836        SwPrv - ok

22:03:21.0494 1836        symc810 - ok

22:03:21.0524 1836        symc8xx - ok

22:03:21.0905 1836        sym_hi - ok

22:03:22.0015 1836        sym_u3 - ok

22:03:22.0095 1836        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:03:22.0375 1836        sysaudio - ok

22:03:22.0526 1836        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

22:03:22.0776 1836        SysmonLog - ok

22:03:23.0026 1836        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

22:03:23.0357 1836        TapiSrv - ok

22:03:23.0667 1836        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:03:23.0747 1836        Tcpip - ok

22:03:23.0988 1836        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:03:24.0218 1836        TDPIPE - ok

22:03:24.0458 1836        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:03:24.0689 1836        TDTCP - ok

22:03:24.0949 1836        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:03:25.0209 1836        TermDD - ok

22:03:25.0580 1836        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

22:03:25.0790 1836        TermService - ok

22:03:26.0041 1836        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

22:03:26.0061 1836        Themes - ok

22:03:26.0331 1836        TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe

22:03:26.0441 1836        TlntSvr - ok

22:03:26.0682 1836        TosIde - ok

22:03:26.0902 1836        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

22:03:27.0152 1836        TrkWks - ok

22:03:27.0423 1836        uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

22:03:27.0653 1836        uagp35 - ok

22:03:27.0903 1836        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:03:28.0174 1836        Udfs - ok

22:03:28.0374 1836        ultra - ok

22:03:28.0474 1836        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:03:28.0694 1836        Update - ok

22:03:28.0925 1836        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

22:03:29.0045 1836        upnphost - ok

22:03:29.0265 1836        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

22:03:29.0506 1836        UPS - ok

22:03:29.0826 1836        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

22:03:30.0046 1836        usbaudio - ok

22:03:30.0367 1836        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:03:30.0637 1836        usbccgp - ok

22:03:30.0908 1836        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:03:31.0078 1836        usbehci - ok

22:03:31.0338 1836        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:03:31.0609 1836        usbhub - ok

22:03:31.0839 1836        usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:03:32.0059 1836        usbstor - ok

22:03:32.0310 1836        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:03:32.0590 1836        usbuhci - ok

22:03:32.0850 1836        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

22:03:33.0071 1836        usbvideo - ok

22:03:33.0321 1836        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:03:33.0582 1836        VgaSave - ok

22:03:33.0842 1836        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

22:03:34.0042 1836        ViaIde - ok

22:03:34.0333 1836        VIAudio         (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys

22:03:34.0503 1836        VIAudio - ok

22:03:34.0823 1836        vNICdrv         (eedef70f54e4bab9d7a8d79f3418b3f1) C:\WINDOWS\system32\DRIVERS\vNICdrv.sys

22:03:34.0843 1836        vNICdrv - ok

22:03:35.0114 1836        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

22:03:35.0364 1836        VolSnap - ok

22:03:35.0634 1836        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

22:03:35.0725 1836        VSS - ok

22:03:35.0975 1836        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

22:03:36.0195 1836        W32Time - ok

22:03:36.0456 1836        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:03:36.0666 1836        Wanarp - ok

22:03:36.0916 1836        wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

22:03:36.0986 1836        wceusbsh - ok

22:03:37.0277 1836        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

22:03:37.0357 1836        Wdf01000 - ok

22:03:37.0567 1836        WDICA - ok

22:03:37.0717 1836        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:03:37.0988 1836        wdmaud - ok

22:03:38.0148 1836        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

22:03:38.0338 1836        WebClient - ok

22:03:38.0649 1836        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:03:38.0919 1836        winmgmt - ok

22:03:39.0160 1836        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

22:03:39.0230 1836        WmdmPmSN - ok

22:03:40.0071 1836        Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll

22:03:40.0181 1836        Wmi - ok

22:03:40.0552 1836        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:03:40.0832 1836        WmiApSrv - ok

22:03:41.0172 1836        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

22:03:41.0273 1836        WPFFontCache_v0400 - ok

22:03:41.0513 1836        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

22:03:41.0773 1836        wscsvc - ok

22:03:41.0974 1836        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:03:42.0144 1836        WSTCODEC - ok

22:03:42.0364 1836        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

22:03:42.0615 1836        wuauserv - ok

22:03:42.0865 1836        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:03:42.0925 1836        WudfPf - ok

22:03:43.0155 1836        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:03:43.0195 1836        WudfRd - ok

22:03:43.0416 1836        WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

22:03:43.0506 1836        WudfSvc - ok

22:03:43.0896 1836        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

22:03:44.0187 1836        WZCSVC - ok

22:03:44.0417 1836        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

22:03:44.0687 1836        xmlprov - ok

22:03:44.0758 1836        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

22:03:45.0128 1836        \Device\Harddisk0\DR0 - ok

22:03:45.0168 1836        Boot (0x1200)   (4c3168a4153672a18a5d1ff5c7a62ef1) \Device\Harddisk0\DR0\Partition0

22:03:45.0178 1836        \Device\Harddisk0\DR0\Partition0 - ok

22:03:45.0178 1836        ============================================================

22:03:45.0178 1836        Scan finished

22:03:45.0178 1836        ============================================================

22:03:45.0298 2440        Detected object count: 5

22:03:45.0298 2440        Actual detected object count: 5

Der untere Teil vom Log fehlt. Unter der Anzahl der Objekte, die der TDSS-Killer beanstandet müsste genau diese Einträge alle nochmal aufgelistet werden

Ich habe aber den Log eins zu eins übertragen. (außer den User-Namen)

ahhhh... ich hatte noch nicht auf close geklickt, sondern hab das Fenster offen gelassen...
hier nunn noch der Rest:
Schnipsel

Code:

07:28:57.0091 2440        Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user

07:28:57.0091 2440        Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:28:57.0091 2440        ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

07:28:57.0091 2440        ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:28:57.0091 2440        NuVision ( UnsignedFile.Multi.Generic ) - skipped by user

07:28:57.0091 2440        NuVision ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:28:57.0091 2440        OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user

07:28:57.0091 2440        OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:28:57.0091 2440        PCloudd ( UnsignedFile.Multi.Generic ) - skipped by user

07:28:57.0101 2440        PCloudd ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-03-27.02 - *** 27.03.2012  19:53:07.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.511.162 [GMT 2:00]

ausgeführt von:: \\Faith\shareddocs\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpeA.dll

c:\windows\IsUn0407.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))

.

.

2012-03-26 13:47 . 2012-03-26 13:47        --------        d-----w-        C:\_OTL

2012-03-21 19:41 . 2012-03-21 19:41        --------        d-----w-        c:\programme\ESET

2012-03-20 19:18 . 2012-03-20 19:18        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes

2012-03-20 18:17 . 2012-03-20 18:17        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2012-03-20 18:17 . 2012-03-20 18:17        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2012-03-20 18:17 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-14 23:04 . 2012-03-20 18:16        --------        d-----w-        c:\dokumente und einstellungen\Administrator

2012-03-14 22:53 . 2012-03-14 22:54        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\kodak

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-26 14:07 . 2011-07-22 15:03        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-04 07:16 . 2012-02-04 07:16        40960        ----a-r-        c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe

2012-02-03 09:57 . 2008-04-14 12:00        1860224        ----a-w-        c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-16 21:22        3072        ------w-        c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2011-07-22 09:25        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-26 14:04 . 2011-12-08 08:30        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Monitor Apache Servers.lnk - c:\server\Apache2\bin\ApacheMonitor.exe [2011-8-30 41051]

RtlWake.lnk - c:\programme\Realtek\Rtl8180\FRtlWake.exe [2011-8-1 28672]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SCardSvr"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.12.2011 22:24 239168]

S2 Apache2.2;Apache2.2;c:\server\Apache2\bin\httpd.exe [30.08.2011 21:54 20549]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]

S2 MySQL55;MySQL55;"c:\server\mysql\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\dokumente und einstellungen\All Users\Anwendungsdaten\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> c:\server\mysql\MySQL Server 5.5\bin\mysqld [?]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [13.11.2011 11:29 90112]

S2 PCloudd;PCloudd;c:\programme\Iomega Storage Manager\pCloudd.exe [06.08.2011 03:14 207360]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.09.2011 19:56 13224]

S3 NuVision;Hauppauge WinTV USB Pro (PAL B/G);c:\windows\system32\drivers\Nuvision.sys [12.11.2011 14:26 259528]

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01.08.2011 20:03 151808]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [08.09.2011 19:43 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [08.09.2011 19:43 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [08.09.2011 19:43 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [08.09.2011 19:43 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [08.09.2011 19:43 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [08.09.2011 19:43 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [08.09.2011 19:43 115752]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [08.09.2011 19:41 155344]

S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [06.08.2011 03:14 17488]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]

.

Inhalt des "geplante Tasks" Ordners

.

2012-03-27 c:\windows\Tasks\User_Feed_Synchronization-{3528E980-125F-4B0E-98D4-673D5501AB05}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{70C4AB4D-F5A9-4693-9EB3-1516A66CA6F4}: NameServer = 192.168.0.1

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xs0nfffy.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-03-27 20:06

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL55]

"ImagePath"="\"c:\server\mysql\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\dokumente und einstellungen\All Users\Anwendungsdaten\MySQL\MySQL Server 5.5\my.ini\" MySQL55"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(640)

c:\windows\system32\Ati2evxx.dll

.

Zeit der Fertigstellung: 2012-03-27  20:11:50

ComboFix-quarantined-files.txt  2012-03-27 18:11

.

Vor Suchlauf: 13 Verzeichnis(se), 28.220.416.000 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 28.481.134.592 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7D74D84955022FC479A7657107CCCBA1

--- --- ---