Extreme Internet/Rechnerverlangsamung

BraucheHilf · 21.05.2012, 17:11

Guten Tag,

ich entschuldige mich hiermit im Voraus für alle formalen Fehler, die ich hier begehe/begehen werde. Da ich neu bin ist mir hier der genaue Ablauf nicht 100% bekannt.

Ich versuche nun die Situation zu beschreiben:

Zunächst ist mir der genaue Zeitpunkt des Eintretens und das Wie/Was unbekannt, da ich leider übers Wochenende nicht zuhause war und den genauen Werdegang nicht nachvollziehen kann ( da Verwandter am Rechner war).

Fazit mit folgenden Symptomen ist:

1) Ein extrem verlangsamter, teilweise eingefrorener Rechner
2) Ein extrem verlangsamtes, teilweise abbrechendes Internet

Antivir drüberlaufen lassen, aber 'EXP/Java.Blacole.CZ' [exploit] war das einzige, was gefunden wurde.
Problem besteht weiterhin.

Ich schätze, ich werde hier versch. Logs posten müssen. Es wäre freundlich, wenn ihr kurz einen DL-Link in eure Posts einfügen würdet, da sich die Suche mit meinem Inet gerade als etwas "schwierig" erweist. Danke fürs Verständnis..

mfg

1. Scan mit mbam

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Besitzer :: ACER-F5DADEF16C [Administrator]

21.05.2012 18:28:44
mbam-log-2012-05-21 (18-40-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244716
Laufzeit: 11 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_for_aol.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\538078.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

Danach meldete sich auch plötzlich avira 2x :

In der Datei 'C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_for_aol.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

In der Datei 'C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\538078.Uninstall\Uninstall.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

2. Scan drüberlaufen lassen

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Besitzer :: ACER-F5DADEF16C [Administrator]

21.05.2012 18:49:15
mbam-log-2012-05-21 (18-49-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244551
Laufzeit: 11 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 21.05.2012, 19:43

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

BraucheHilf · 23.05.2012, 15:23

Code:

ATTFilter

 # unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-21 09:26:07
# local_time=2012-05-21 11:26:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 37761 113150351 31156 0
# compatibility_mode=8192 67108863 100 0 473 473 0 0
# scanned=12915
# found=0
# cleaned=0
# scan_time=523
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=980e2cdd60721b4f8310ebe5aad30622
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 02:19:23
# local_time=2012-05-23 04:19:23 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 180021 113292611 173416 0
# compatibility_mode=8192 67108863 100 0 142733 142733 0 0
# scanned=158408
# found=7
# cleaned=0
# scan_time=5457
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\aTube_Catcher_Installer.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\A56E4DA7-BAB0-7891-9508-56FD958CA7ED\Latest\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\ICReinstall\Facemoods.exe	probably a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\is1293846689\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Ocean Technologies & Media\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll	probably a variant of Win32/TrojanDownloader.Agent.JOPAUPF trojan (unable to clean)	00000000000000000000000000000000	I
D:\Eigene Dateien\HL2_UK\Steam.dll.bak	probably a variant of Win32/Agent.JBGSCWH trojan (unable to clean)	00000000000000000000000000000000	I

Hoffe alles ist richtig so.

mfg

cosinus · 23.05.2012, 20:00

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

BraucheHilf · 23.05.2012, 20:35

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.05.2012 21:20:54 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 631,25 Mb Available Physical Memory | 61,68% Memory free
2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,91 Gb Total Space | 20,18 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 92,38 Gb Total Space | 59,34 Gb Free Space | 64,23% Space Free | Partition Type: FAT32
 
Computer Name: ACER-F5DADEF16C | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 21:19:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
PRC - [2009.08.05 15:32:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008.02.01 04:00:54 | 003,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\postgres.exe
PRC - [2004.11.09 22:36:02 | 000,497,240 | ---- | M] (America Online, Inc) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe
PRC - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2003.06.17 17:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2005.08.05 15:26:04 | 000,239,104 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2005.08.05 15:26:04 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2005.08.05 15:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005.08.05 14:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005.08.05 14:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
MOD - [2004.11.09 21:36:12 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\aol\ACS\DE\DialerRes.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.05.21 21:40:19 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009.08.05 15:32:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2005.06.21 00:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2010.09.04 15:10:53 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\PRFCC8.tmp -- (GarenaPEngine)
DRV - [2010.01.30 13:41:21 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.04.10 13:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.06 18:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.06.13 20:09:14 | 000,969,728 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.01.25 07:56:47 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\krdpdre.sys -- (krdpdre)
DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=30d11c04-714e-49fc-b675-c4596f09a4f5&apn_sauid=0A4B73D3-1F66-4D8B-94DD-DD0187EA0C7F
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Programme\Octoshape Streaming Services\Besitzer\octoprogram-L03-NMS1010120_SUA_001\npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.21 23:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.04.11 15:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions
[2012.05.21 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\extensions
[2012.04.11 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.21 21:40:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.21 21:40:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.21 17:44:43 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.05.21 21:40:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.05.21 21:40:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.21 21:40:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.21 21:40:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.21 21:40:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF18D33F-54F0-4846-9CAB-A38BFE1176F5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.14 14:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "RichVideo"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "Browser Defender Update Service"
MsConfig - Services: "sdCoreService"
MsConfig - Services: "sdAuxService"
MsConfig - Services: "Brother XP spl Service"
MsConfig - Services: "SkypeUpdate"
MsConfig - Services: "SystemStore"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe - (Brother Industries, Ltd.)
MsConfig - StartUpFolder: C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DVDTray - hkey= - key= - C:\Programme\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: DW6 - hkey= - key= -  File not found
MsConfig - StartUpReg: Guard.Mail.ru.gui - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: ISTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe ()
MsConfig - StartUpReg: Performance Center - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - lhacm.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 21:19:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.05.23 20:57:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\58
[2012.05.21 23:45:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\You've Got Pictures Screensaver
[2012.05.21 23:45:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2012.05.21 23:45:08 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime
[2012.05.21 23:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AOL
[2012.05.21 23:43:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\aolshare
[2012.05.21 23:43:29 | 000,000,000 | ---D | C] -- C:\Programme\AOL 9.0
[2012.05.21 23:09:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.05.21 21:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012.05.21 21:40:23 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.05.21 20:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Simply Super Software
[2012.05.21 18:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.21 18:17:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.21 18:17:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.21 17:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.05.21 09:36:59 | 000,000,000 | ---D | C] -- C:\Programme\Freemium
[2012.05.11 14:34:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\TubeBox
[2012.05.11 14:32:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox
[2012.05.11 14:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemium TubeBox
[2012.05.11 14:31:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 21:19:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.05.23 20:58:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.05.23 20:58:43 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.23 17:42:35 | 000,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.05.23 17:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.23 17:40:56 | 000,000,209 | ---- | M] () -- C:\boot.ini
[2012.05.23 13:42:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.21 23:45:28 | 000,000,725 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2012.05.21 23:45:17 | 000,000,574 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AOL 9.0.lnk
[2012.05.21 23:37:12 | 000,051,750 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wklnhst.dat
[2012.05.21 17:45:00 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.05.21 12:54:09 | 000,000,006 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012.05.21 09:38:54 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.17 01:32:54 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012.05.10 00:05:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.09 23:59:03 | 000,528,964 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.09 23:59:03 | 000,504,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.09 23:59:03 | 000,106,428 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.09 23:59:03 | 000,088,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.21 23:45:17 | 000,000,574 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AOL 9.0.lnk
[2012.05.21 17:44:59 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.05.21 10:49:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012.02.16 18:54:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.13 01:36:36 | 000,223,446 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.11.12 18:02:15 | 000,421,475 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1214440339-484763869-839522115-1003-0.dat
[2011.05.27 14:18:36 | 000,045,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\room_v3.dat
[2011.04.16 15:06:59 | 000,046,658 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\room.dat
[2011.03.10 18:29:31 | 000,248,579 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010.11.21 15:51:12 | 000,000,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat
[2010.09.04 21:33:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
 
========== LOP Check ==========
 
[2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.01.20 19:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.01.01 16:15:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jlcm
[2009.07.17 20:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLive
[2012.05.21 20:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.08.02 14:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.08.01 23:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC
[2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon
[2009.04.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon
[2012.05.11 14:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium
[2011.08.01 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HEM Data
[2011.09.17 12:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HoldemManager
[2012.02.17 18:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
[2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar
[2009.04.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQLite
[2011.10.18 17:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jens Lorek
[2011.11.24 19:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PacificPoker
[2010.10.03 21:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RayV
[2011.08.02 00:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Roaming
[2010.09.11 21:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer
[2009.08.15 14:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Viewpoint
[2012.01.20 19:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.15 19:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe
[2012.05.21 23:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AOL
[2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon
[2008.02.20 23:22:05 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Brother
[2008.02.14 15:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CyberLink
[2009.04.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon
[2008.12.25 00:02:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\dvdcss
[2012.05.11 14:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium
[2008.04.16 17:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help
[2011.08.01 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HEM Data
[2011.09.17 12:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HoldemManager
[2012.02.17 18:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
[2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar
[2009.04.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQLite
[2008.02.14 14:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities
[2008.02.15 14:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield
[2011.10.18 17:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jens Lorek
[2008.02.15 14:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia
[2010.02.21 14:41:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
[2012.04.15 19:35:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft
[2009.04.14 16:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mIRC
[2012.04.11 15:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla
[2011.09.05 23:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla-Cache
[2011.11.24 19:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PacificPoker
[2010.10.03 21:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RayV
[2011.08.02 00:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Roaming
[2012.04.16 15:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
[2011.08.08 00:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\skypePM
[2008.02.18 18:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun
[2010.10.12 19:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\teamspeak2
[2010.09.11 21:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer
[2008.10.27 18:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ventrilo
[2009.08.15 14:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Viewpoint
[2008.04.17 16:50:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\vlc
[2008.02.17 18:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\WinRAR
[2012.05.21 23:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2008.09.03 17:11:11 | 000,323,936 | ---- | M] (Octoshape ApS) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2011.10.18 17:17:02 | 000,034,494 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe
[2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_6FEFF9B68218417F98F549.exe
[2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_B06349111D5E7CEE2A3C50.exe
[2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_BBE843A4210D005E08B21E.exe
[2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_ECF5B0A15121D905E30873.exe
[2012.01.27 20:54:09 | 000,034,494 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.02.14 15:09:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.02.14 15:09:47 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.02.14 15:09:47 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >

--- --- ---

[/code]

cosinus · 23.05.2012, 21:16

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=30d11c04-714e-49fc-b675-c4596f09a4f5&apn_sauid=0A4B73D3-1F66-4D8B-94DD-DD0187EA0C7F
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q="
[2012.05.21 17:44:43 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.14 14:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.05.21 17:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.05.21 17:44:59 | 000,000,237 | ---- | C] () -- C:\user.js
[2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

BraucheHilf · 23.05.2012, 21:43

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
File C:\WINDOWS\system32\drivers\xcpip.sys not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" removed from keyword.URL
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup folder moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\user.js moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
->Flash cache emptied: 35 bytes
 
User: Besitzer
->Temp folder emptied: 6561470023 bytes
->Temporary Internet Files folder emptied: 29117068 bytes
->Java cache emptied: 22755315 bytes
->FireFox cache emptied: 149074359 bytes
->Flash cache emptied: 9790558 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 352980 bytes
 
User: mrpgrey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 21690943 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24518743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6.504,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
->Flash cache emptied: 0 bytes
 
User: Besitzer
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: LocalService
 
User: mrpgrey
 
User: NetworkService
 
User: postgres
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_223112

Files\Folders moved on Reboot...
C:\WINDOWS\temp\1e39981a moved successfully.
C:\WINDOWS\temp\1e4d8fcc moved successfully.
C:\WINDOWS\temp\2c96148e moved successfully.
C:\WINDOWS\temp\c9d8ca moved successfully.

Registry entries deleted on Reboot...

ARGH! Merke grad, dass ich den AntivirGuard nicht gestoppt hab... soll ichs nochmal machen?

Sry 4 Doppelpost,
habs nun nochmal ohne Guard gemacht.

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
File C:\WINDOWS\system32\drivers\xcpip.sys not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" removed from keyword.URL
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found.
File C:\user.js not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar\ not found.
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
->Flash cache emptied: 35 bytes
 
User: Besitzer
->Temp folder emptied: 916853 bytes
->Temporary Internet Files folder emptied: 8694633 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39320039 bytes
->Flash cache emptied: 947 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33505 bytes
 
User: mrpgrey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66349 bytes
RecycleBin emptied: 574 bytes
 
Total Files Cleaned = 47,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
->Flash cache emptied: 0 bytes
 
User: Besitzer
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: LocalService
 
User: mrpgrey
 
User: NetworkService
 
User: postgres
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_233349

Files\Folders moved on Reboot...
C:\WINDOWS\temp\25b5db7f moved successfully.
C:\WINDOWS\temp\5fc344f3 moved successfully.
C:\WINDOWS\temp\714bc546 moved successfully.
C:\WINDOWS\temp\de24e5c moved successfully.

Registry entries deleted on Reboot...

cosinus · 24.05.2012, 11:18

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

BraucheHilf · 24.05.2012, 11:33

Code:

ATTFilter

12:29:24.0953 5904	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
12:29:25.0203 5904	============================================================
12:29:25.0203 5904	Current date / time: 2012/05/24 12:29:25.0203
12:29:25.0203 5904	SystemInfo:
12:29:25.0203 5904	
12:29:25.0203 5904	OS Version: 5.1.2600 ServicePack: 3.0
12:29:25.0203 5904	Product type: Workstation
12:29:25.0203 5904	ComputerName: ACER-F5DADEF16C
12:29:25.0203 5904	UserName: Besitzer
12:29:25.0203 5904	Windows directory: C:\WINDOWS
12:29:25.0203 5904	System windows directory: C:\WINDOWS
12:29:25.0203 5904	Processor architecture: Intel x86
12:29:25.0203 5904	Number of processors: 2
12:29:25.0203 5904	Page size: 0x1000
12:29:25.0203 5904	Boot type: Normal boot
12:29:25.0203 5904	============================================================
12:29:26.0671 5904	Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:29:26.0734 5904	============================================================
12:29:26.0734 5904	\Device\Harddisk0\DR0:
12:29:26.0734 5904	MBR partitions:
12:29:26.0734 5904	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBBD13E4
12:29:26.0750 5904	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xBBD1462, BlocksNum 0xB8CC95F
12:29:26.0750 5904	============================================================
12:29:26.0750 5904	D: <-> \Device\Harddisk0\DR0\Partition1
12:29:26.0765 5904	C: <-> \Device\Harddisk0\DR0\Partition0
12:29:26.0765 5904	============================================================
12:29:26.0765 5904	Initialize success
12:29:26.0765 5904	============================================================
12:30:18.0734 4480	============================================================
12:30:18.0734 4480	Scan started
12:30:18.0734 4480	Mode: Manual; SigCheck; TDLFS; 
12:30:18.0734 4480	============================================================
12:30:19.0062 4480	3xHybrid        (b985bd6230ac8cc7526d89ef92ce05be) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
12:30:19.0234 4480	3xHybrid - ok
12:30:19.0234 4480	Abiosdsk - ok
12:30:19.0250 4480	abp480n5 - ok
12:30:19.0296 4480	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:30:19.0406 4480	ACPI - ok
12:30:19.0453 4480	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:30:20.0218 4480	ACPIEC - ok
12:30:20.0218 4480	adpu160m - ok
12:30:20.0250 4480	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:30:20.0375 4480	aec - ok
12:30:20.0406 4480	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:30:20.0437 4480	AFD - ok
12:30:20.0437 4480	Aha154x - ok
12:30:20.0437 4480	aic78u2 - ok
12:30:20.0453 4480	aic78xx - ok
12:30:20.0484 4480	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:30:20.0640 4480	Alerter - ok
12:30:20.0656 4480	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:30:20.0718 4480	ALG - ok
12:30:20.0718 4480	AliIde - ok
12:30:20.0765 4480	AmdK8           (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:30:20.0765 4480	AmdK8 - ok
12:30:20.0765 4480	amsint - ok
12:30:20.0875 4480	AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
12:30:20.0890 4480	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
12:30:20.0890 4480	AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
12:30:20.0937 4480	AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:30:20.0953 4480	AntiVirService ( UnsignedFile.Multi.Generic ) - warning
12:30:20.0953 4480	AntiVirService - detected UnsignedFile.Multi.Generic (1)
12:30:21.0031 4480	AOL ACS         (85180cf88c5ebad73b452a43a004ca51) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
12:30:21.0031 4480	AOL ACS - ok
12:30:21.0078 4480	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:30:21.0140 4480	AppMgmt - ok
12:30:21.0156 4480	asc - ok
12:30:21.0156 4480	asc3350p - ok
12:30:21.0171 4480	asc3550 - ok
12:30:21.0296 4480	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:30:21.0375 4480	aspnet_state - ok
12:30:21.0390 4480	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:30:21.0515 4480	AsyncMac - ok
12:30:21.0531 4480	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:30:21.0687 4480	atapi - ok
12:30:21.0703 4480	Atdisk - ok
12:30:21.0718 4480	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:30:21.0875 4480	Atmarpc - ok
12:30:21.0921 4480	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:30:22.0078 4480	AudioSrv - ok
12:30:22.0109 4480	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:30:22.0250 4480	audstub - ok
12:30:22.0281 4480	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
12:30:22.0296 4480	avgio - ok
12:30:22.0328 4480	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:30:22.0375 4480	avgntflt - ok
12:30:22.0406 4480	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:30:22.0406 4480	avipbb - ok
12:30:22.0453 4480	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:30:22.0609 4480	Beep - ok
12:30:22.0656 4480	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:30:22.0875 4480	BITS - ok
12:30:22.0906 4480	Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe
12:30:22.0906 4480	Brother XP spl Service - ok
12:30:22.0968 4480	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:30:23.0125 4480	Browser - ok
12:30:23.0156 4480	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
12:30:23.0156 4480	BrScnUsb - ok
12:30:23.0187 4480	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:30:23.0343 4480	cbidf2k - ok
12:30:23.0359 4480	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:30:23.0515 4480	CCDECODE - ok
12:30:23.0531 4480	cd20xrnt - ok
12:30:23.0531 4480	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:30:23.0687 4480	Cdaudio - ok
12:30:23.0703 4480	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:30:23.0875 4480	Cdfs - ok
12:30:23.0890 4480	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:30:24.0046 4480	Cdrom - ok
12:30:24.0046 4480	Changer - ok
12:30:24.0078 4480	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:30:24.0234 4480	CiSvc - ok
12:30:24.0265 4480	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:30:24.0437 4480	ClipSrv - ok
12:30:24.0640 4480	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:30:24.0859 4480	clr_optimization_v2.0.50727_32 - ok
12:30:24.0890 4480	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:30:24.0953 4480	clr_optimization_v4.0.30319_32 - ok
12:30:24.0953 4480	CmdIde - ok
12:30:24.0953 4480	COMSysApp - ok
12:30:24.0968 4480	Cpqarray - ok
12:30:25.0000 4480	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:30:25.0156 4480	CryptSvc - ok
12:30:25.0156 4480	dac2w2k - ok
12:30:25.0171 4480	dac960nt - ok
12:30:25.0218 4480	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:30:25.0281 4480	DcomLaunch - ok
12:30:25.0312 4480	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:30:25.0484 4480	Dhcp - ok
12:30:25.0515 4480	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:30:25.0656 4480	Disk - ok
12:30:25.0656 4480	dmadmin - ok
12:30:25.0718 4480	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:30:25.0921 4480	dmboot - ok
12:30:25.0937 4480	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:30:26.0062 4480	dmio - ok
12:30:26.0078 4480	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:30:26.0250 4480	dmload - ok
12:30:26.0281 4480	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:30:26.0421 4480	dmserver - ok
12:30:26.0437 4480	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:30:26.0593 4480	DMusic - ok
12:30:26.0625 4480	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:30:26.0640 4480	Dnscache - ok
12:30:26.0687 4480	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:30:26.0828 4480	Dot3svc - ok
12:30:26.0828 4480	dpti2o - ok
12:30:26.0843 4480	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:30:26.0984 4480	drmkaud - ok
12:30:27.0000 4480	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:30:27.0156 4480	EapHost - ok
12:30:27.0234 4480	ehRecvr         (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
12:30:27.0250 4480	ehRecvr - ok
12:30:27.0296 4480	ehSched         (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
12:30:27.0312 4480	ehSched - ok
12:30:27.0343 4480	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:30:27.0500 4480	ERSvc - ok
12:30:27.0546 4480	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:30:27.0578 4480	Eventlog - ok
12:30:27.0640 4480	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
12:30:27.0671 4480	EventSystem - ok
12:30:27.0718 4480	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:30:27.0875 4480	Fastfat - ok
12:30:27.0921 4480	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:30:27.0937 4480	FastUserSwitchingCompatibility - ok
12:30:28.0000 4480	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
12:30:28.0156 4480	Fax - ok
12:30:28.0171 4480	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:30:28.0328 4480	Fdc - ok
12:30:28.0375 4480	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:30:28.0531 4480	Fips - ok
12:30:28.0593 4480	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:30:28.0765 4480	Flpydisk - ok
12:30:28.0812 4480	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:30:28.0968 4480	FltMgr - ok
12:30:29.0140 4480	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:30:29.0156 4480	FontCache3.0.0.0 - ok
12:30:29.0171 4480	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:30:29.0328 4480	Fs_Rec - ok
12:30:29.0343 4480	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:30:29.0484 4480	Ftdisk - ok
12:30:29.0609 4480	GarenaPEngine - ok
12:30:29.0640 4480	GGSAFERDriver - ok
12:30:29.0656 4480	GMSIPCI - ok
12:30:29.0687 4480	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:30:29.0843 4480	Gpc - ok
12:30:29.0890 4480	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:30:30.0015 4480	HDAudBus - ok
12:30:30.0062 4480	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:30:30.0218 4480	helpsvc - ok
12:30:30.0218 4480	HidServ - ok
12:30:30.0234 4480	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:30:30.0375 4480	HidUsb - ok
12:30:30.0421 4480	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:30:30.0578 4480	hkmsvc - ok
12:30:30.0578 4480	hpn - ok
12:30:30.0625 4480	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:30:30.0671 4480	HTTP - ok
12:30:30.0687 4480	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:30:30.0796 4480	HTTPFilter - ok
12:30:30.0796 4480	i2omgmt - ok
12:30:30.0812 4480	i2omp - ok
12:30:30.0843 4480	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:30:30.0984 4480	i8042prt - ok
12:30:31.0078 4480	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:30:31.0125 4480	idsvc - ok
12:30:31.0140 4480	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:30:31.0265 4480	Imapi - ok
12:30:31.0312 4480	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:30:31.0468 4480	ImapiService - ok
12:30:31.0468 4480	ini910u - ok
12:30:31.0796 4480	IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:30:31.0984 4480	IntcAzAudAddService - ok
12:30:32.0078 4480	IntelIde - ok
12:30:32.0109 4480	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:30:32.0265 4480	Ip6Fw - ok
12:30:32.0296 4480	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:30:32.0453 4480	IpFilterDriver - ok
12:30:32.0484 4480	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:30:32.0625 4480	IpInIp - ok
12:30:32.0640 4480	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:30:32.0796 4480	IpNat - ok
12:30:32.0812 4480	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:30:32.0984 4480	IPSec - ok
12:30:33.0000 4480	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:30:33.0062 4480	IRENUM - ok
12:30:33.0078 4480	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:30:33.0218 4480	isapnp - ok
12:30:33.0359 4480	JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
12:30:33.0375 4480	JavaQuickStarterService - ok
12:30:33.0375 4480	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:30:33.0531 4480	Kbdclass - ok
12:30:33.0531 4480	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:30:33.0703 4480	kmixer - ok
12:30:33.0812 4480	krdpdre - ok
12:30:33.0859 4480	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:30:33.0875 4480	KSecDD - ok
12:30:33.0921 4480	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:30:33.0953 4480	lanmanserver - ok
12:30:33.0984 4480	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:30:34.0000 4480	lanmanworkstation - ok
12:30:34.0015 4480	lbrtfdc - ok
12:30:34.0078 4480	LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
12:30:34.0093 4480	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:30:34.0093 4480	LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:30:34.0109 4480	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:30:34.0281 4480	LmHosts - ok
12:30:34.0343 4480	McrdSvc         (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
12:30:34.0375 4480	McrdSvc - ok
12:30:34.0375 4480	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:30:34.0515 4480	Messenger - ok
12:30:34.0546 4480	MHN             (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
12:30:34.0562 4480	MHN ( UnsignedFile.Multi.Generic ) - warning
12:30:34.0562 4480	MHN - detected UnsignedFile.Multi.Generic (1)
12:30:34.0578 4480	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:30:34.0578 4480	MHNDRV ( UnsignedFile.Multi.Generic ) - warning
12:30:34.0578 4480	MHNDRV - detected UnsignedFile.Multi.Generic (1)
12:30:34.0609 4480	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:30:34.0765 4480	mnmdd - ok
12:30:34.0796 4480	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
12:30:34.0953 4480	mnmsrvc - ok
12:30:34.0984 4480	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:30:35.0140 4480	Modem - ok
12:30:35.0156 4480	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:30:35.0312 4480	Mouclass - ok
12:30:35.0343 4480	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:30:35.0484 4480	mouhid - ok
12:30:35.0500 4480	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:30:35.0656 4480	MountMgr - ok
12:30:35.0687 4480	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:30:35.0703 4480	MozillaMaintenance - ok
12:30:35.0718 4480	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:30:35.0859 4480	MPE - ok
12:30:35.0859 4480	mraid35x - ok
12:30:35.0906 4480	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:30:36.0031 4480	MRxDAV - ok
12:30:36.0093 4480	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:30:36.0125 4480	MRxSmb - ok
12:30:36.0156 4480	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
12:30:36.0312 4480	MSDTC - ok
12:30:36.0328 4480	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:30:36.0468 4480	Msfs - ok
12:30:36.0468 4480	MSIServer - ok
12:30:36.0484 4480	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:30:36.0625 4480	MSKSSRV - ok
12:30:36.0703 4480	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:30:36.0859 4480	MSPCLOCK - ok
12:30:36.0875 4480	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:30:37.0031 4480	MSPQM - ok
12:30:37.0046 4480	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:30:37.0187 4480	mssmbios - ok
12:30:37.0218 4480	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:30:37.0343 4480	MSTEE - ok
12:30:37.0421 4480	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:30:37.0484 4480	Mup - ok
12:30:37.0515 4480	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:30:37.0703 4480	NABTSFEC - ok
12:30:37.0750 4480	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:30:37.0859 4480	napagent - ok
12:30:37.0937 4480	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:30:38.0093 4480	NDIS - ok
12:30:38.0125 4480	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:30:38.0281 4480	NdisIP - ok
12:30:38.0328 4480	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:30:38.0343 4480	NdisTapi - ok
12:30:38.0375 4480	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:30:38.0515 4480	Ndisuio - ok
12:30:38.0531 4480	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:30:38.0703 4480	NdisWan - ok
12:30:38.0750 4480	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:30:38.0796 4480	NDProxy - ok
12:30:38.0828 4480	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:30:38.0953 4480	NetBIOS - ok
12:30:38.0968 4480	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:30:39.0093 4480	NetBT - ok
12:30:39.0156 4480	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:30:39.0312 4480	NetDDE - ok
12:30:39.0312 4480	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:30:39.0453 4480	NetDDEdsdm - ok
12:30:39.0484 4480	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:39.0625 4480	Netlogon - ok
12:30:39.0640 4480	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:30:39.0781 4480	Netman - ok
12:30:39.0890 4480	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:30:39.0890 4480	NetTcpPortSharing - ok
12:30:39.0937 4480	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:30:39.0968 4480	Nla - ok
12:30:40.0015 4480	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:30:40.0156 4480	Npfs - ok
12:30:40.0203 4480	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:30:40.0375 4480	Ntfs - ok
12:30:40.0390 4480	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:40.0546 4480	NtLmSsp - ok
12:30:40.0609 4480	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:30:40.0750 4480	NtmsSvc - ok
12:30:40.0781 4480	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:30:40.0906 4480	Null - ok
12:30:41.0171 4480	nv              (10458bfc0968e7e69d77f292942b27b1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:30:41.0281 4480	nv - ok
12:30:41.0390 4480	NVSvc           (f6fca6047879de7a2964757eb8b2101b) C:\WINDOWS\system32\nvsvc32.exe
12:30:41.0406 4480	NVSvc - ok
12:30:41.0437 4480	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:30:41.0578 4480	NwlnkFlt - ok
12:30:41.0593 4480	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:30:41.0765 4480	NwlnkFwd - ok
12:30:41.0812 4480	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
12:30:41.0937 4480	Parport - ok
12:30:41.0968 4480	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:30:42.0140 4480	PartMgr - ok
12:30:42.0171 4480	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:30:42.0296 4480	ParVdm - ok
12:30:42.0296 4480	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:30:42.0468 4480	PCI - ok
12:30:42.0468 4480	PCIDump - ok
12:30:42.0484 4480	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:30:42.0625 4480	PCIIde - ok
12:30:42.0656 4480	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:30:42.0875 4480	Pcmcia - ok
12:30:42.0875 4480	PDCOMP - ok
12:30:42.0875 4480	PDFRAME - ok
12:30:42.0890 4480	PDRELI - ok
12:30:42.0890 4480	PDRFRAME - ok
12:30:42.0890 4480	perc2 - ok
12:30:42.0906 4480	perc2hib - ok
12:30:43.0031 4480	pgsql-8.3 - ok
12:30:43.0093 4480	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:30:43.0125 4480	PlugPlay - ok
12:30:43.0218 4480	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:43.0343 4480	PolicyAgent - ok
12:30:43.0375 4480	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:30:43.0500 4480	PptpMiniport - ok
12:30:43.0515 4480	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
12:30:43.0656 4480	Processor - ok
12:30:43.0671 4480	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:43.0796 4480	ProtectedStorage - ok
12:30:43.0812 4480	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:30:43.0968 4480	PSched - ok
12:30:44.0000 4480	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:30:44.0125 4480	Ptilink - ok
12:30:44.0156 4480	PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:30:44.0171 4480	PxHelp20 - ok
12:30:44.0171 4480	ql1080 - ok
12:30:44.0171 4480	Ql10wnt - ok
12:30:44.0187 4480	ql12160 - ok
12:30:44.0187 4480	ql1240 - ok
12:30:44.0187 4480	ql1280 - ok
12:30:44.0218 4480	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:30:44.0343 4480	RasAcd - ok
12:30:44.0375 4480	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:30:44.0546 4480	RasAuto - ok
12:30:44.0562 4480	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:30:44.0687 4480	Rasl2tp - ok
12:30:44.0734 4480	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:30:44.0859 4480	RasMan - ok
12:30:44.0875 4480	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:30:45.0015 4480	RasPppoe - ok
12:30:45.0031 4480	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:30:45.0171 4480	Raspti - ok
12:30:45.0203 4480	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:30:45.0328 4480	Rdbss - ok
12:30:45.0328 4480	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:30:45.0468 4480	RDPCDD - ok
12:30:45.0500 4480	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:30:45.0625 4480	rdpdr - ok
12:30:45.0687 4480	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:30:45.0718 4480	RDPWD - ok
12:30:45.0750 4480	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:30:45.0890 4480	RDSessMgr - ok
12:30:46.0015 4480	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:30:46.0171 4480	redbook - ok
12:30:46.0187 4480	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:30:46.0328 4480	RemoteAccess - ok
12:30:46.0359 4480	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:30:46.0500 4480	RemoteRegistry - ok
12:30:46.0625 4480	RichVideo       (bd517c7fb119997effbe39d5e4b37b05) C:\Programme\CyberLink\Shared Files\RichVideo.exe
12:30:46.0640 4480	RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:30:46.0640 4480	RichVideo - detected UnsignedFile.Multi.Generic (1)
12:30:46.0671 4480	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
12:30:46.0812 4480	RpcLocator - ok
12:30:46.0859 4480	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:30:46.0875 4480	RpcSs - ok
12:30:46.0921 4480	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
12:30:47.0046 4480	RSVP - ok
12:30:47.0093 4480	RTLE8023xp      (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:30:47.0125 4480	RTLE8023xp - ok
12:30:47.0171 4480	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:47.0312 4480	SamSs - ok
12:30:47.0343 4480	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:30:47.0484 4480	SCardSvr - ok
12:30:47.0531 4480	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:30:47.0703 4480	Schedule - ok
12:30:47.0718 4480	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:30:47.0781 4480	Secdrv - ok
12:30:47.0796 4480	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:30:47.0921 4480	seclogon - ok
12:30:47.0937 4480	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:30:48.0078 4480	SENS - ok
12:30:48.0109 4480	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
12:30:48.0265 4480	Serial - ok
12:30:48.0296 4480	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:30:48.0437 4480	Sfloppy - ok
12:30:48.0484 4480	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:30:48.0609 4480	SharedAccess - ok
12:30:48.0656 4480	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:30:48.0671 4480	ShellHWDetection - ok
12:30:48.0687 4480	Simbad - ok
12:30:48.0750 4480	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
12:30:48.0765 4480	SkypeUpdate - ok
12:30:48.0796 4480	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:30:48.0937 4480	SLIP - ok
12:30:48.0937 4480	Sparrow - ok
12:30:48.0953 4480	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:30:49.0109 4480	splitter - ok
12:30:49.0140 4480	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:30:49.0156 4480	Spooler - ok
12:30:49.0171 4480	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:30:49.0234 4480	sr - ok
12:30:49.0265 4480	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
12:30:49.0343 4480	srservice - ok
12:30:49.0375 4480	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:30:49.0421 4480	Srv - ok
12:30:49.0437 4480	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:30:49.0500 4480	SSDPSRV - ok
12:30:49.0546 4480	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:30:49.0546 4480	ssmdrv - ok
12:30:49.0609 4480	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:30:49.0718 4480	stisvc - ok
12:30:49.0750 4480	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:30:49.0890 4480	streamip - ok
12:30:49.0906 4480	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:30:50.0031 4480	swenum - ok
12:30:50.0046 4480	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:30:50.0187 4480	swmidi - ok
12:30:50.0187 4480	SwPrv - ok
12:30:50.0187 4480	symc810 - ok
12:30:50.0203 4480	symc8xx - ok
12:30:50.0203 4480	sym_hi - ok
12:30:50.0203 4480	sym_u3 - ok
12:30:50.0234 4480	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:30:50.0375 4480	sysaudio - ok
12:30:50.0406 4480	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:30:50.0546 4480	SysmonLog - ok
12:30:50.0640 4480	SystemStore     (1a78d70d7a02c920a18843426682899b) C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
12:30:50.0656 4480	SystemStore ( UnsignedFile.Multi.Generic ) - warning
12:30:50.0656 4480	SystemStore - detected UnsignedFile.Multi.Generic (1)
12:30:50.0703 4480	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:30:50.0812 4480	TapiSrv - ok
12:30:50.0875 4480	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:30:50.0921 4480	Tcpip - ok
12:30:50.0953 4480	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:51.0109 4480	TDPIPE - ok
12:30:51.0125 4480	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:51.0250 4480	TDTCP - ok
12:30:51.0312 4480	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:51.0421 4480	TermDD - ok
12:30:51.0484 4480	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:30:51.0640 4480	TermService - ok
12:30:51.0640 4480	TfFsMon - ok
12:30:51.0640 4480	TfNetMon - ok
12:30:51.0656 4480	TfSysMon - ok
12:30:51.0687 4480	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:30:51.0703 4480	Themes - ok
12:30:51.0750 4480	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
12:30:51.0812 4480	TlntSvr - ok
12:30:51.0812 4480	TosIde - ok
12:30:51.0843 4480	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:30:52.0000 4480	TrkWks - ok
12:30:52.0031 4480	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:30:52.0156 4480	Udfs - ok
12:30:52.0171 4480	ultra - ok
12:30:52.0203 4480	UMWdf           (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
12:30:52.0218 4480	UMWdf - ok
12:30:52.0281 4480	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:30:52.0421 4480	Update - ok
12:30:52.0468 4480	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:30:52.0531 4480	upnphost - ok
12:30:52.0562 4480	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:30:52.0703 4480	UPS - ok
12:30:52.0718 4480	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:52.0875 4480	usbccgp - ok
12:30:52.0906 4480	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:53.0046 4480	usbehci - ok
12:30:53.0078 4480	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:53.0218 4480	usbhub - ok
12:30:53.0234 4480	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:30:53.0343 4480	usbohci - ok
12:30:53.0359 4480	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:30:53.0484 4480	usbprint - ok
12:30:53.0500 4480	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:53.0625 4480	usbstor - ok
12:30:53.0640 4480	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:30:53.0750 4480	VgaSave - ok
12:30:53.0765 4480	ViaIde - ok
12:30:53.0781 4480	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:30:53.0906 4480	VolSnap - ok
12:30:53.0968 4480	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:30:54.0015 4480	VSS - ok
12:30:54.0062 4480	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:30:54.0187 4480	W32Time - ok
12:30:54.0218 4480	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:30:54.0343 4480	Wanarp - ok
12:30:54.0375 4480	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
12:30:54.0406 4480	wanatw - ok
12:30:54.0406 4480	WDICA - ok
12:30:54.0437 4480	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:30:54.0578 4480	wdmaud - ok
12:30:54.0609 4480	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:30:54.0765 4480	WebClient - ok
12:30:54.0843 4480	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:30:54.0953 4480	winmgmt - ok
12:30:55.0000 4480	WmdmPmSN        (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
12:30:55.0015 4480	WmdmPmSN - ok
12:30:55.0093 4480	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:30:55.0125 4480	Wmi - ok
12:30:55.0156 4480	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:30:55.0265 4480	WmiApSrv - ok
12:30:55.0453 4480	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:30:55.0515 4480	WPFFontCache_v0400 - ok
12:30:55.0578 4480	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:30:55.0703 4480	WS2IFSL - ok
12:30:55.0750 4480	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:30:55.0875 4480	wscsvc - ok
12:30:55.0921 4480	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:30:56.0031 4480	WSTCODEC - ok
12:30:56.0046 4480	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:30:56.0156 4480	wuauserv - ok
12:30:56.0218 4480	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:30:56.0375 4480	WZCSVC - ok
12:30:56.0390 4480	xcpip - ok
12:30:56.0406 4480	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:30:56.0531 4480	xmlprov - ok
12:30:56.0531 4480	xpsec - ok
12:30:56.0562 4480	MBR (0x1B8)     (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk0\DR0
12:30:56.0562 4480	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:30:56.0562 4480	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:30:56.0640 4480	Boot (0x1200)   (b137f492af53146361b746e889df95bb) \Device\Harddisk0\DR0\Partition0
12:30:56.0640 4480	\Device\Harddisk0\DR0\Partition0 - ok
12:30:56.0656 4480	Boot (0x1200)   (c6ae6dc64faf9b3d8a9ccac454dd624f) \Device\Harddisk0\DR0\Partition1
12:30:56.0656 4480	\Device\Harddisk0\DR0\Partition1 - ok
12:30:56.0656 4480	============================================================
12:30:56.0656 4480	Scan finished
12:30:56.0656 4480	============================================================
12:30:56.0781 1812	Detected object count: 8
12:30:56.0781 1812	Actual detected object count: 8
12:31:51.0015 1812	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0015 1812	AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812	AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0015 1812	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0015 1812	MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812	MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0015 1812	MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812	MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0031 1812	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0031 1812	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0031 1812	SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0031 1812	SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:31:51.0031 1812	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
12:31:51.0031 1812	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip

Obwohl Avir eig. aus was steht oben was mit Antivir... naja, warsch. nicht so tragisch.

cosinus · 24.05.2012, 21:42

Zitat:

12:31:51.0031 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user

Das Root/Bootkit Sinowal bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

BraucheHilf · 28.05.2012, 15:51

besser später als nie..

Code:

ATTFilter

16:47:56.0750 3608	TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:47:57.0312 3608	============================================================
16:47:57.0312 3608	Current date / time: 2012/05/28 16:47:57.0312
16:47:57.0312 3608	SystemInfo:
16:47:57.0312 3608	
16:47:57.0312 3608	OS Version: 5.1.2600 ServicePack: 3.0
16:47:57.0312 3608	Product type: Workstation
16:47:57.0312 3608	ComputerName: ACER-F5DADEF16C
16:47:57.0312 3608	UserName: Besitzer
16:47:57.0312 3608	Windows directory: C:\WINDOWS
16:47:57.0312 3608	System windows directory: C:\WINDOWS
16:47:57.0312 3608	Processor architecture: Intel x86
16:47:57.0312 3608	Number of processors: 2
16:47:57.0312 3608	Page size: 0x1000
16:47:57.0312 3608	Boot type: Normal boot
16:47:57.0312 3608	============================================================
16:48:00.0453 3608	Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:48:00.0546 3608	Drive \Device\Harddisk6\DR13 - Size: 0x1DD60000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:48:00.0546 3608	============================================================
16:48:00.0546 3608	\Device\Harddisk0\DR0:
16:48:00.0546 3608	MBR partitions:
16:48:00.0546 3608	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBBD13E4
16:48:00.0562 3608	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xBBD1462, BlocksNum 0xB8CC95F
16:48:00.0562 3608	\Device\Harddisk6\DR13:
16:48:00.0562 3608	MBR partitions:
16:48:00.0562 3608	\Device\Harddisk6\DR13\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xEEAE0
16:48:00.0562 3608	============================================================
16:48:00.0562 3608	D: <-> \Device\Harddisk0\DR0\Partition1
16:48:00.0593 3608	C: <-> \Device\Harddisk0\DR0\Partition0
16:48:00.0593 3608	============================================================
16:48:00.0593 3608	Initialize success
16:48:00.0593 3608	============================================================
16:48:04.0281 2116	============================================================
16:48:04.0281 2116	Scan started
16:48:04.0281 2116	Mode: Manual; SigCheck; TDLFS; 
16:48:04.0281 2116	============================================================
16:48:05.0218 2116	3xHybrid        (b985bd6230ac8cc7526d89ef92ce05be) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
16:48:06.0500 2116	3xHybrid - ok
16:48:06.0515 2116	Abiosdsk - ok
16:48:06.0515 2116	abp480n5 - ok
16:48:06.0562 2116	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:48:07.0343 2116	ACPI - ok
16:48:07.0359 2116	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:48:07.0531 2116	ACPIEC - ok
16:48:07.0531 2116	adpu160m - ok
16:48:07.0578 2116	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:48:07.0750 2116	aec - ok
16:48:07.0765 2116	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:48:07.0812 2116	AFD - ok
16:48:07.0812 2116	Aha154x - ok
16:48:07.0828 2116	aic78u2 - ok
16:48:07.0828 2116	aic78xx - ok
16:48:07.0859 2116	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:48:08.0031 2116	Alerter - ok
16:48:08.0046 2116	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:48:08.0125 2116	ALG - ok
16:48:08.0125 2116	AliIde - ok
16:48:08.0156 2116	AmdK8           (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:48:08.0203 2116	AmdK8 - ok
16:48:08.0203 2116	amsint - ok
16:48:08.0296 2116	AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
16:48:08.0312 2116	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
16:48:08.0312 2116	AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
16:48:08.0359 2116	AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
16:48:08.0390 2116	AntiVirService ( UnsignedFile.Multi.Generic ) - warning
16:48:08.0390 2116	AntiVirService - detected UnsignedFile.Multi.Generic (1)
16:48:08.0453 2116	AOL ACS         (85180cf88c5ebad73b452a43a004ca51) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
16:48:08.0468 2116	AOL ACS - ok
16:48:08.0515 2116	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:48:08.0593 2116	AppMgmt - ok
16:48:08.0609 2116	asc - ok
16:48:08.0609 2116	asc3350p - ok
16:48:08.0609 2116	asc3550 - ok
16:48:08.0734 2116	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:48:08.0750 2116	aspnet_state - ok
16:48:08.0781 2116	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:48:08.0921 2116	AsyncMac - ok
16:48:08.0937 2116	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:48:09.0109 2116	atapi - ok
16:48:09.0109 2116	Atdisk - ok
16:48:09.0125 2116	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:48:09.0312 2116	Atmarpc - ok
16:48:09.0343 2116	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:48:09.0515 2116	AudioSrv - ok
16:48:09.0546 2116	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:48:09.0718 2116	audstub - ok
16:48:09.0750 2116	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:48:09.0765 2116	avgio - ok
16:48:09.0796 2116	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:48:09.0859 2116	avgntflt - ok
16:48:09.0890 2116	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:48:09.0906 2116	avipbb - ok
16:48:09.0921 2116	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:48:10.0109 2116	Beep - ok
16:48:10.0156 2116	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:48:10.0406 2116	BITS - ok
16:48:10.0421 2116	Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe
16:48:10.0468 2116	Brother XP spl Service - ok
16:48:10.0500 2116	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:48:10.0687 2116	Browser - ok
16:48:10.0906 2116	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
16:48:10.0937 2116	BrScnUsb - ok
16:48:10.0968 2116	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:48:11.0140 2116	cbidf2k - ok
16:48:11.0156 2116	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:48:11.0328 2116	CCDECODE - ok
16:48:11.0328 2116	cd20xrnt - ok
16:48:11.0359 2116	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:48:11.0531 2116	Cdaudio - ok
16:48:11.0562 2116	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:48:11.0750 2116	Cdfs - ok
16:48:11.0781 2116	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:48:11.0953 2116	Cdrom - ok
16:48:11.0953 2116	Changer - ok
16:48:11.0984 2116	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:48:12.0140 2116	CiSvc - ok
16:48:12.0187 2116	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:48:12.0390 2116	ClipSrv - ok
16:48:12.0484 2116	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:12.0562 2116	clr_optimization_v2.0.50727_32 - ok
16:48:12.0625 2116	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:12.0703 2116	clr_optimization_v4.0.30319_32 - ok
16:48:12.0703 2116	CmdIde - ok
16:48:12.0718 2116	COMSysApp - ok
16:48:12.0718 2116	Cpqarray - ok
16:48:12.0750 2116	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:48:12.0890 2116	CryptSvc - ok
16:48:12.0906 2116	dac2w2k - ok
16:48:12.0906 2116	dac960nt - ok
16:48:12.0968 2116	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:48:13.0046 2116	DcomLaunch - ok
16:48:13.0078 2116	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:48:13.0265 2116	Dhcp - ok
16:48:13.0281 2116	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:48:13.0484 2116	Disk - ok
16:48:13.0484 2116	dmadmin - ok
16:48:13.0546 2116	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:48:13.0750 2116	dmboot - ok
16:48:13.0765 2116	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:48:13.0921 2116	dmio - ok
16:48:13.0937 2116	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:48:14.0109 2116	dmload - ok
16:48:14.0140 2116	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:48:14.0312 2116	dmserver - ok
16:48:14.0328 2116	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:48:14.0484 2116	DMusic - ok
16:48:14.0515 2116	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:48:14.0562 2116	Dnscache - ok
16:48:14.0625 2116	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:48:14.0781 2116	Dot3svc - ok
16:48:14.0781 2116	dpti2o - ok
16:48:14.0781 2116	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:48:14.0953 2116	drmkaud - ok
16:48:15.0046 2116	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:48:15.0234 2116	EapHost - ok
16:48:15.0734 2116	ehRecvr         (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
16:48:15.0937 2116	ehRecvr - ok
16:48:16.0000 2116	ehSched         (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
16:48:16.0062 2116	ehSched - ok
16:48:16.0125 2116	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:48:16.0281 2116	ERSvc - ok
16:48:16.0312 2116	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:48:16.0343 2116	Eventlog - ok
16:48:16.0406 2116	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
16:48:16.0484 2116	EventSystem - ok
16:48:16.0515 2116	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:48:16.0703 2116	Fastfat - ok
16:48:16.0734 2116	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:48:16.0796 2116	FastUserSwitchingCompatibility - ok
16:48:16.0843 2116	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
16:48:17.0015 2116	Fax - ok
16:48:17.0031 2116	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:48:17.0203 2116	Fdc - ok
16:48:17.0234 2116	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:48:17.0390 2116	Fips - ok
16:48:17.0406 2116	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:48:17.0578 2116	Flpydisk - ok
16:48:17.0609 2116	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:48:17.0750 2116	FltMgr - ok
16:48:17.0859 2116	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:48:17.0875 2116	FontCache3.0.0.0 - ok
16:48:17.0906 2116	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:48:18.0062 2116	Fs_Rec - ok
16:48:18.0078 2116	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:48:18.0234 2116	Ftdisk - ok
16:48:18.0312 2116	GarenaPEngine - ok
16:48:18.0359 2116	GGSAFERDriver - ok
16:48:18.0359 2116	GMSIPCI - ok
16:48:18.0421 2116	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:48:18.0593 2116	Gpc - ok
16:48:18.0625 2116	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:48:18.0765 2116	HDAudBus - ok
16:48:18.0796 2116	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:48:18.0968 2116	helpsvc - ok
16:48:18.0984 2116	HidServ - ok
16:48:19.0015 2116	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:48:19.0234 2116	HidUsb - ok
16:48:19.0265 2116	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:48:19.0421 2116	hkmsvc - ok
16:48:19.0421 2116	hpn - ok
16:48:19.0468 2116	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:48:19.0531 2116	HTTP - ok
16:48:19.0546 2116	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:48:19.0718 2116	HTTPFilter - ok
16:48:19.0718 2116	i2omgmt - ok
16:48:19.0718 2116	i2omp - ok
16:48:19.0750 2116	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:48:19.0906 2116	i8042prt - ok
16:48:20.0000 2116	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:48:20.0062 2116	idsvc - ok
16:48:20.0078 2116	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:48:20.0218 2116	Imapi - ok
16:48:20.0250 2116	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:48:20.0406 2116	ImapiService - ok
16:48:20.0406 2116	ini910u - ok
16:48:20.0703 2116	IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:48:20.0984 2116	IntcAzAudAddService - ok
16:48:21.0062 2116	IntelIde - ok
16:48:21.0093 2116	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:48:21.0281 2116	Ip6Fw - ok
16:48:21.0296 2116	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:48:21.0468 2116	IpFilterDriver - ok
16:48:21.0500 2116	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:48:21.0656 2116	IpInIp - ok
16:48:21.0671 2116	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:48:21.0828 2116	IpNat - ok
16:48:21.0843 2116	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:48:22.0031 2116	IPSec - ok
16:48:22.0046 2116	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:48:22.0109 2116	IRENUM - ok
16:48:22.0125 2116	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:48:22.0296 2116	isapnp - ok
16:48:22.0437 2116	JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
16:48:22.0453 2116	JavaQuickStarterService - ok
16:48:22.0468 2116	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:48:22.0656 2116	Kbdclass - ok
16:48:22.0671 2116	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:48:22.0828 2116	kmixer - ok
16:48:22.0921 2116	krdpdre - ok
16:48:22.0953 2116	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:48:23.0046 2116	KSecDD - ok
16:48:23.0093 2116	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:48:23.0125 2116	lanmanserver - ok
16:48:23.0156 2116	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:48:23.0203 2116	lanmanworkstation - ok
16:48:23.0203 2116	lbrtfdc - ok
16:48:23.0281 2116	LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
16:48:23.0281 2116	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0281 2116	LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:48:23.0312 2116	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:48:23.0468 2116	LmHosts - ok
16:48:23.0531 2116	McrdSvc         (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
16:48:23.0562 2116	McrdSvc - ok
16:48:23.0593 2116	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:48:23.0765 2116	Messenger - ok
16:48:23.0796 2116	MHN             (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
16:48:23.0812 2116	MHN ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0812 2116	MHN - detected UnsignedFile.Multi.Generic (1)
16:48:23.0828 2116	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:48:23.0828 2116	MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0828 2116	MHNDRV - detected UnsignedFile.Multi.Generic (1)
16:48:23.0859 2116	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:48:23.0984 2116	mnmdd - ok
16:48:24.0031 2116	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
16:48:24.0218 2116	mnmsrvc - ok
16:48:24.0250 2116	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:48:24.0421 2116	Modem - ok
16:48:24.0437 2116	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:48:24.0625 2116	Mouclass - ok
16:48:24.0656 2116	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:48:24.0796 2116	mouhid - ok
16:48:24.0796 2116	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:48:24.0968 2116	MountMgr - ok
16:48:25.0015 2116	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:48:25.0046 2116	MozillaMaintenance - ok
16:48:25.0046 2116	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:48:25.0218 2116	MPE - ok
16:48:25.0218 2116	mraid35x - ok
16:48:25.0250 2116	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:48:25.0390 2116	MRxDAV - ok
16:48:25.0453 2116	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:48:25.0531 2116	MRxSmb - ok
16:48:25.0546 2116	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
16:48:25.0703 2116	MSDTC - ok
16:48:25.0718 2116	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:48:25.0875 2116	Msfs - ok
16:48:25.0875 2116	MSIServer - ok
16:48:25.0906 2116	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:48:26.0046 2116	MSKSSRV - ok
16:48:26.0046 2116	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:48:26.0187 2116	MSPCLOCK - ok
16:48:26.0218 2116	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:48:26.0359 2116	MSPQM - ok
16:48:26.0390 2116	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:48:26.0562 2116	mssmbios - ok
16:48:26.0609 2116	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:48:26.0750 2116	MSTEE - ok
16:48:26.0781 2116	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:48:26.0828 2116	Mup - ok
16:48:26.0843 2116	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:48:26.0984 2116	NABTSFEC - ok
16:48:27.0031 2116	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:48:27.0187 2116	napagent - ok
16:48:27.0234 2116	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:48:27.0390 2116	NDIS - ok
16:48:27.0406 2116	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:48:27.0562 2116	NdisIP - ok
16:48:27.0593 2116	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:48:27.0625 2116	NdisTapi - ok
16:48:27.0656 2116	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:48:27.0812 2116	Ndisuio - ok
16:48:27.0828 2116	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:48:27.0984 2116	NdisWan - ok
16:48:28.0000 2116	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:48:28.0046 2116	NDProxy - ok
16:48:28.0078 2116	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:48:28.0203 2116	NetBIOS - ok
16:48:28.0234 2116	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:48:28.0390 2116	NetBT - ok
16:48:28.0437 2116	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:48:28.0593 2116	NetDDE - ok
16:48:28.0609 2116	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:48:28.0750 2116	NetDDEdsdm - ok
16:48:28.0781 2116	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:28.0953 2116	Netlogon - ok
16:48:28.0984 2116	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:48:29.0140 2116	Netman - ok
16:48:29.0250 2116	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:29.0265 2116	NetTcpPortSharing - ok
16:48:29.0312 2116	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:48:29.0359 2116	Nla - ok
16:48:29.0390 2116	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:48:29.0546 2116	Npfs - ok
16:48:29.0625 2116	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:48:29.0781 2116	Ntfs - ok
16:48:29.0796 2116	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:29.0937 2116	NtLmSsp - ok
16:48:29.0984 2116	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:48:30.0140 2116	NtmsSvc - ok
16:48:30.0171 2116	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:48:30.0328 2116	Null - ok
16:48:30.0593 2116	nv              (10458bfc0968e7e69d77f292942b27b1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:48:30.0812 2116	nv - ok
16:48:30.0921 2116	NVSvc           (f6fca6047879de7a2964757eb8b2101b) C:\WINDOWS\system32\nvsvc32.exe
16:48:30.0953 2116	NVSvc - ok
16:48:31.0015 2116	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:48:31.0171 2116	NwlnkFlt - ok
16:48:31.0187 2116	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:48:31.0343 2116	NwlnkFwd - ok
16:48:31.0421 2116	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:48:31.0437 2116	ose - ok
16:48:31.0453 2116	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
16:48:31.0609 2116	Parport - ok
16:48:31.0640 2116	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:48:31.0796 2116	PartMgr - ok
16:48:31.0828 2116	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:48:31.0953 2116	ParVdm - ok
16:48:31.0953 2116	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:48:32.0109 2116	PCI - ok
16:48:32.0109 2116	PCIDump - ok
16:48:32.0125 2116	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:48:32.0281 2116	PCIIde - ok
16:48:32.0312 2116	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:48:32.0437 2116	Pcmcia - ok
16:48:32.0437 2116	PDCOMP - ok
16:48:32.0437 2116	PDFRAME - ok
16:48:32.0453 2116	PDRELI - ok
16:48:32.0453 2116	PDRFRAME - ok
16:48:32.0453 2116	perc2 - ok
16:48:32.0453 2116	perc2hib - ok
16:48:32.0593 2116	pgsql-8.3 - ok
16:48:32.0625 2116	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:48:32.0640 2116	PlugPlay - ok
16:48:32.0671 2116	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:32.0812 2116	PolicyAgent - ok
16:48:32.0828 2116	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:48:32.0984 2116	PptpMiniport - ok
16:48:33.0000 2116	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
16:48:33.0156 2116	Processor - ok
16:48:33.0171 2116	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:33.0296 2116	ProtectedStorage - ok
16:48:33.0312 2116	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:48:33.0437 2116	PSched - ok
16:48:33.0453 2116	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:48:33.0578 2116	Ptilink - ok
16:48:33.0625 2116	PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:48:33.0625 2116	PxHelp20 - ok
16:48:33.0640 2116	ql1080 - ok
16:48:33.0640 2116	Ql10wnt - ok
16:48:33.0640 2116	ql12160 - ok
16:48:33.0656 2116	ql1240 - ok
16:48:33.0656 2116	ql1280 - ok
16:48:33.0656 2116	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:48:33.0781 2116	RasAcd - ok
16:48:33.0828 2116	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:48:33.0968 2116	RasAuto - ok
16:48:34.0000 2116	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:48:34.0218 2116	Rasl2tp - ok
16:48:34.0265 2116	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:48:34.0437 2116	RasMan - ok
16:48:34.0437 2116	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:48:34.0593 2116	RasPppoe - ok
16:48:34.0625 2116	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:48:34.0750 2116	Raspti - ok
16:48:34.0781 2116	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:48:34.0937 2116	Rdbss - ok
16:48:34.0953 2116	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:48:35.0062 2116	RDPCDD - ok
16:48:35.0093 2116	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:48:35.0218 2116	rdpdr - ok
16:48:35.0265 2116	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:48:35.0312 2116	RDPWD - ok
16:48:35.0359 2116	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:48:35.0500 2116	RDSessMgr - ok
16:48:35.0531 2116	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:48:35.0671 2116	redbook - ok
16:48:35.0703 2116	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:48:35.0843 2116	RemoteAccess - ok
16:48:35.0859 2116	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:48:36.0015 2116	RemoteRegistry - ok
16:48:36.0140 2116	RichVideo       (bd517c7fb119997effbe39d5e4b37b05) C:\Programme\CyberLink\Shared Files\RichVideo.exe
16:48:36.0156 2116	RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:48:36.0156 2116	RichVideo - detected UnsignedFile.Multi.Generic (1)
16:48:36.0171 2116	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
16:48:36.0328 2116	RpcLocator - ok
16:48:36.0390 2116	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:48:36.0421 2116	RpcSs - ok
16:48:36.0453 2116	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:48:36.0593 2116	RSVP - ok
16:48:36.0640 2116	RTLE8023xp      (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:48:36.0687 2116	RTLE8023xp - ok
16:48:36.0718 2116	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:36.0875 2116	SamSs - ok
16:48:36.0921 2116	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:48:37.0078 2116	SCardSvr - ok
16:48:37.0125 2116	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:48:37.0265 2116	Schedule - ok
16:48:37.0296 2116	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:48:37.0359 2116	Secdrv - ok
16:48:37.0390 2116	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:48:37.0578 2116	seclogon - ok
16:48:37.0593 2116	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:48:37.0750 2116	SENS - ok
16:48:37.0781 2116	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:48:37.0921 2116	Serial - ok
16:48:37.0937 2116	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:48:38.0093 2116	Sfloppy - ok
16:48:38.0156 2116	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:48:38.0296 2116	SharedAccess - ok
16:48:38.0343 2116	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:48:38.0359 2116	ShellHWDetection - ok
16:48:38.0359 2116	Simbad - ok
16:48:38.0437 2116	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
16:48:38.0453 2116	SkypeUpdate - ok
16:48:38.0500 2116	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:48:38.0671 2116	SLIP - ok
16:48:38.0671 2116	Sparrow - ok
16:48:38.0687 2116	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:48:38.0828 2116	splitter - ok
16:48:38.0875 2116	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:48:38.0906 2116	Spooler - ok
16:48:38.0937 2116	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:48:39.0000 2116	sr - ok
16:48:39.0046 2116	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:48:39.0109 2116	srservice - ok
16:48:39.0140 2116	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:48:39.0187 2116	Srv - ok
16:48:39.0234 2116	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:48:39.0296 2116	SSDPSRV - ok
16:48:39.0328 2116	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:48:39.0343 2116	ssmdrv - ok
16:48:39.0406 2116	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:48:39.0562 2116	stisvc - ok
16:48:39.0609 2116	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:48:39.0781 2116	streamip - ok
16:48:39.0796 2116	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:48:39.0921 2116	swenum - ok
16:48:39.0937 2116	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:48:40.0078 2116	swmidi - ok
16:48:40.0078 2116	SwPrv - ok
16:48:40.0093 2116	symc810 - ok
16:48:40.0093 2116	symc8xx - ok
16:48:40.0093 2116	sym_hi - ok
16:48:40.0109 2116	sym_u3 - ok
16:48:40.0125 2116	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:48:40.0250 2116	sysaudio - ok
16:48:40.0281 2116	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:48:40.0453 2116	SysmonLog - ok
16:48:40.0546 2116	SystemStore     (1a78d70d7a02c920a18843426682899b) C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
16:48:40.0562 2116	SystemStore ( UnsignedFile.Multi.Generic ) - warning
16:48:40.0562 2116	SystemStore - detected UnsignedFile.Multi.Generic (1)
16:48:40.0609 2116	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:48:40.0750 2116	TapiSrv - ok
16:48:40.0796 2116	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:48:40.0843 2116	Tcpip - ok
16:48:40.0890 2116	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:48:41.0046 2116	TDPIPE - ok
16:48:41.0046 2116	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:48:41.0187 2116	TDTCP - ok
16:48:41.0218 2116	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:48:41.0375 2116	TermDD - ok
16:48:41.0421 2116	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:48:41.0578 2116	TermService - ok
16:48:41.0578 2116	TfFsMon - ok
16:48:41.0593 2116	TfNetMon - ok
16:48:41.0593 2116	TfSysMon - ok
16:48:41.0640 2116	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:48:41.0640 2116	Themes - ok
16:48:41.0687 2116	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
16:48:41.0750 2116	TlntSvr - ok
16:48:41.0750 2116	TosIde - ok
16:48:41.0796 2116	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:48:41.0937 2116	TrkWks - ok
16:48:41.0968 2116	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:48:42.0109 2116	Udfs - ok
16:48:42.0125 2116	ultra - ok
16:48:42.0156 2116	UMWdf           (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
16:48:42.0203 2116	UMWdf - ok
16:48:42.0250 2116	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:48:42.0390 2116	Update - ok
16:48:42.0437 2116	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:48:42.0515 2116	upnphost - ok
16:48:42.0546 2116	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:48:42.0718 2116	UPS - ok
16:48:42.0765 2116	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:48:42.0906 2116	usbccgp - ok
16:48:42.0953 2116	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:48:43.0078 2116	usbehci - ok
16:48:43.0093 2116	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:48:43.0250 2116	usbhub - ok
16:48:43.0265 2116	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:48:43.0406 2116	usbohci - ok
16:48:43.0421 2116	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:48:43.0593 2116	usbprint - ok
16:48:43.0609 2116	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:48:43.0765 2116	usbstor - ok
16:48:43.0765 2116	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:48:43.0875 2116	VgaSave - ok
16:48:43.0890 2116	ViaIde - ok
16:48:43.0921 2116	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:48:44.0109 2116	VolSnap - ok
16:48:44.0171 2116	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:48:44.0265 2116	VSS - ok
16:48:44.0312 2116	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:48:44.0453 2116	W32Time - ok
16:48:44.0484 2116	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:48:44.0640 2116	Wanarp - ok
16:48:44.0687 2116	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:48:44.0734 2116	wanatw - ok
16:48:44.0734 2116	WDICA - ok
16:48:44.0750 2116	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:48:44.0890 2116	wdmaud - ok
16:48:44.0921 2116	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:48:45.0093 2116	WebClient - ok
16:48:45.0187 2116	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:48:45.0328 2116	winmgmt - ok
16:48:45.0359 2116	WmdmPmSN        (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
16:48:45.0390 2116	WmdmPmSN - ok
16:48:45.0453 2116	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:48:45.0531 2116	Wmi - ok
16:48:45.0562 2116	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:48:45.0703 2116	WmiApSrv - ok
16:48:45.0875 2116	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:48:45.0921 2116	WPFFontCache_v0400 - ok
16:48:45.0968 2116	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:48:46.0109 2116	WS2IFSL - ok
16:48:46.0312 2116	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:48:46.0500 2116	wscsvc - ok
16:48:46.0578 2116	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:48:46.0703 2116	WSTCODEC - ok
16:48:46.0718 2116	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:48:46.0875 2116	wuauserv - ok
16:48:47.0296 2116	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:48:47.0500 2116	WZCSVC - ok
16:48:47.0500 2116	xcpip - ok
16:48:47.0531 2116	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:48:47.0687 2116	xmlprov - ok
16:48:47.0687 2116	xpsec - ok
16:48:47.0703 2116	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:48:48.0203 2116	\Device\Harddisk0\DR0 - ok
16:48:48.0218 2116	MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR13
16:48:49.0187 2116	\Device\Harddisk6\DR13 - ok
16:48:49.0203 2116	Boot (0x1200)   (b137f492af53146361b746e889df95bb) \Device\Harddisk0\DR0\Partition0
16:48:49.0218 2116	\Device\Harddisk0\DR0\Partition0 - ok
16:48:49.0250 2116	Boot (0x1200)   (c50d5712cef1a0b1dcb6fe8945cb8afd) \Device\Harddisk0\DR0\Partition1
16:48:49.0250 2116	\Device\Harddisk0\DR0\Partition1 - ok
16:48:49.0265 2116	Boot (0x1200)   (eca493ba57436cb4a85cd0f9f24e0487) \Device\Harddisk6\DR13\Partition0
16:48:49.0265 2116	\Device\Harddisk6\DR13\Partition0 - ok
16:48:49.0265 2116	============================================================
16:48:49.0265 2116	Scan finished
16:48:49.0265 2116	============================================================
16:48:49.0375 2636	Detected object count: 7
16:48:49.0375 2636	Actual detected object count: 7
16:48:53.0281 2636	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0281 2636	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636	AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636	AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636	MHN ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636	MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636	MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636	MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636	SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636	SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:02.0171 3532	Deinitialize success

cosinus · 29.05.2012, 08:18

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

BraucheHilf · 30.05.2012, 12:37

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-30.02 - Besitzer 30.05.2012  13:14:14.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.540 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\DFC5A2B2.TMP
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\~ygw.tmp
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Desktopicon
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Roaming
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Roaming\HoldemManager\config\FTPRushTables.xml
c:\dokumente und einstellungen\Besitzer\WINDOWS
c:\dokumente und einstellungen\mrpgrey\ntuser.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-28 12:49 . 2012-05-28 12:49	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-05-24 13:44 . 2012-05-24 13:44	1409	----a-w-	c:\windows\QTFont.for
2012-05-23 21:18 . 2012-05-23 21:18	--------	d-----w-	c:\programme\AOL 9.0 VR
2012-05-23 20:31 . 2012-05-23 20:31	--------	d-----w-	C:\_OTL
2012-05-21 21:44 . 2004-05-10 19:05	153088	----a-w-	c:\windows\system32\jgdwmie.dll
2012-05-21 21:44 . 2004-05-10 19:05	1060864	----a-w-	c:\windows\system32\mfc71.dll
2012-05-21 21:43 . 2012-05-23 21:25	--------	d-----w-	c:\programme\Gemeinsame Dateien\aolshare
2012-05-21 21:43 . 2012-05-23 12:10	--------	d-----w-	c:\programme\AOL 9.0
2012-05-21 18:11 . 2012-05-21 18:11	--------	d-sh--w-	c:\dokumente und einstellungen\NetworkService\IETldCache
2012-05-21 07:37 . 2012-05-21 07:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-05-21 07:36 . 2012-05-21 07:37	--------	d-----w-	c:\programme\Freemium
2012-05-11 12:32 . 2012-05-11 12:32	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox
2012-05-11 12:31 . 2012-05-11 12:31	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Freemium
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 20:20 . 2011-06-24 16:46	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-10 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-10 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-05-21 19:40 . 2012-04-11 13:11	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\programme\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1337806936\ee\AOLSoftware.exe" [2006-09-26 50736]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-05-21 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 16:42	933888	------w-	c:\programme\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58	65536	------w-	c:\programme\Ahead\ODD Toolkit\dvdtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55	54832	----a-w-	c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33	214648	----a-w-	c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-05-21 21:45	98304	----a-w-	c:\programme\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10	56928	------w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 17:02	49152	------w-	c:\programme\Brother\Brmfl05a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55	17148552	----a-r-	c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"SystemStore"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\Octoshape Streaming Services\\Besitzer\\OctoshapeClient.exe"=
"c:\\Programme\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\Eigene Dateien\\HL2_UK\\hl2.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1337806936\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GarenaPEngine;GarenaPEngine;c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\programme\Garena\safedrv.sys [x]
R3 krdpdre;krdpdre;c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-21 129976]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys [x]
R4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SystemStore;System Store;c:\programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-04-24 14848]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-06-13 969728]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\programme\Ask.com\Updater\Updater.exe
MSConfigStartUp-DW6 - c:\programme\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Guard.Mail.ru - c:\programme\Guard-ICQ\GuardICQ.exe
MSConfigStartUp-ICQ - c:\programme\ICQ7.7\ICQ.exe
MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe
MSConfigStartUp-Performance Center - c:\programme\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-RealTray - c:\programme\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-Steam - c:\programme\Steam\Steam.exe
AddRemove-AIM LINK - c:\progra~1\GEMEIN~1\aolshare\AIM\UNWISE.EXE
AddRemove-The Weather Channel Desktop 6 - c:\programme\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-William Hill Poker - c:\poker\William Hill Poker\_SetupPoker_585002_en.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3928)
c:\programme\Gemeinsame Dateien\AOL\ACS\WLHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\programme\AOL 9.0 VRa\waol.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\windows\eHome\ehmsas.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\programme\AOL 9.0 VRa\shellmon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-30  13:31:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-30 11:31
.
Vor Suchlauf: 19 Verzeichnis(se), 26.127.790.080 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.635.870.208 Bytes frei
.
- - End Of File - - 001490D74EF8294F043D1BE2691434CB

--- --- ---

cosinus · 30.05.2012, 12:50

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

BraucheHilf · 30.05.2012, 13:11

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-30.02 - Besitzer 30.05.2012  13:59:34.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.631 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-28 12:49 . 2012-05-28 12:49	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-05-24 13:44 . 2012-05-24 13:44	1409	----a-w-	c:\windows\QTFont.for
2012-05-23 21:18 . 2012-05-23 21:18	--------	d-----w-	c:\programme\AOL 9.0 VR
2012-05-23 20:31 . 2012-05-23 20:31	--------	d-----w-	C:\_OTL
2012-05-21 21:44 . 2004-05-10 19:05	153088	----a-w-	c:\windows\system32\jgdwmie.dll
2012-05-21 21:44 . 2004-05-10 19:05	1060864	----a-w-	c:\windows\system32\mfc71.dll
2012-05-21 21:43 . 2012-05-23 21:25	--------	d-----w-	c:\programme\Gemeinsame Dateien\aolshare
2012-05-21 21:43 . 2012-05-23 12:10	--------	d-----w-	c:\programme\AOL 9.0
2012-05-21 18:11 . 2012-05-21 18:11	--------	d-sh--w-	c:\dokumente und einstellungen\NetworkService\IETldCache
2012-05-21 07:37 . 2012-05-21 07:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-05-21 07:36 . 2012-05-21 07:37	--------	d-----w-	c:\programme\Freemium
2012-05-11 12:32 . 2012-05-11 12:32	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox
2012-05-11 12:31 . 2012-05-11 12:31	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Freemium
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 20:20 . 2011-06-24 16:46	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-10 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-10 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-05-21 19:40 . 2012-04-11 13:11	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\programme\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1337806936\ee\AOLSoftware.exe" [2006-09-26 50736]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-05-21 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 16:42	933888	------w-	c:\programme\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58	65536	------w-	c:\programme\Ahead\ODD Toolkit\dvdtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55	54832	----a-w-	c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33	214648	----a-w-	c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-05-21 21:45	98304	----a-w-	c:\programme\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10	56928	------w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 17:02	49152	------w-	c:\programme\Brother\Brmfl05a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55	17148552	----a-r-	c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"SystemStore"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\Octoshape Streaming Services\\Besitzer\\OctoshapeClient.exe"=
"c:\\Programme\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\Eigene Dateien\\HL2_UK\\hl2.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1337806936\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.07.2009 15:31 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [13.06.2006 22:04 969728]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp --> c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programme\Garena\safedrv.sys --> c:\programme\Garena\safedrv.sys [?]
S3 krdpdre;krdpdre;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [21.05.2012 21:40 129976]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 08:50 158856]
S4 SystemStore;System Store;c:\programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [24.04.2012 14:21 14848]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2012-05-30  14:09:04
ComboFix-quarantined-files.txt  2012-05-30 12:09
ComboFix2.txt  2012-05-30 11:31
.
Vor Suchlauf: 19 Verzeichnis(se), 26.588.549.120 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.586.636.288 Bytes frei
.
- - End Of File - - A5E764DFB50DB304A6F659A0CB319937

--- --- ---