GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort

cosinus · 27.06.2012, 13:39

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Toledi · 27.06.2012, 14:54

codeOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.06.2012 15:39:56 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,23 Mb Total Physical Memory | 607,14 Mb Available Physical Memory | 67,82% Memory free
2,12 Gb Paging File | 1,77 Gb Available in Paging File | 83,73% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146,48 Gb Total Space | 97,57 Gb Free Space | 66,61% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 66,85 Gb Free Space | 77,38% Space Free | Partition Type: NTFS
 
Computer Name: BENUTZER-0D266D | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 15:36:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\24960-OTL.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.07.11 17:14:11 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.07.04 19:52:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.02 13:09:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.18 13:05:29 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.11 17:14:22 | 001,640,216 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Resources.dll
MOD - [2011.07.11 17:14:21 | 000,256,424 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.09.11 00:00:05 | 000,168,960 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\unrar.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv)
SRV - File not found [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.26 18:14:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.23 09:57:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\DaSi\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.07.11 17:14:11 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.04 19:52:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.02 13:09:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.07.04 19:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 19:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.01 10:42:41 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.11.27 21:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.12.28 01:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 01:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.28 19:56:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.18 13:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.29 21:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.26 18:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.16 16:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.04.21 17:37:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.29 21:18:30 | 000,000,000 | ---D | M]
 
[2010.08.19 17:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions
[2010.08.19 17:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.27 11:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions
[2010.12.15 11:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.19 17:19:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.16 16:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\nostmp
[2011.12.20 21:02:04 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\11-suche.xml
[2011.12.20 21:02:05 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 21:02:04 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\gmx-suche.xml
[2011.12.20 21:02:05 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\lastminute.xml
[2011.12.20 21:02:04 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\searchplugins\webde-suche.xml
[2011.12.30 20:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.17 19:44:41 | 000,576,958 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.08.25 21:31:36 | 000,011,510 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.06.27 11:53:50 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2012.06.27 11:53:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2012.06.26 18:14:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.02.24 10:11:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.26 18:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 18:14:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.26 18:14:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 18:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 18:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 18:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\ShellBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: []  File not found
O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: [C0mDiXEtF1yrWmk] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O15 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03B83AC8-B816-453B-9332-9490C6F45E94}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: UserInit - (C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe) -  File not found
O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.04 14:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell - "" = AutoRun
O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - D:\DaSi\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.27 11:53:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
[2012.06.27 11:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012.06.27 11:53:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.26 21:32:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\netgear daten fritz box-Dateien
[2012.06.26 18:53:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Besitzer\Recent
[2012.06.26 18:17:53 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.06.26 11:35:17 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.25 22:37:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.25 22:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.25 22:37:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.25 22:37:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.21 11:38:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\LG Fernseher-Dateien
[2012.06.14 15:21:00 | 000,000,000 | ---D | C] -- C:\Picasa-Datensicherung
[2012.06.05 15:56:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.05.30 15:36:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe hummel-Dateien
[2012.05.30 15:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe-Dateien
[2012.05.30 14:56:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Restaurierungsbedarf für Möbel • Basket • Basket-Dateien
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 14:57:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.27 11:47:48 | 000,191,655 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.27 11:47:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job
[2012.06.27 11:47:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.26 21:32:38 | 000,001,712 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\netgear daten fritz box.htm
[2012.06.26 18:17:56 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.26 16:03:19 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Skype.lnk
[2012.06.25 22:37:57 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 22:33:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.25 22:28:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.25 17:14:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.06.21 11:38:38 | 000,468,120 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\LG Fernseher.htm
[2012.06.14 15:50:36 | 000,000,071 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\.picasa.ini
[2012.06.05 00:42:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.05.30 15:36:35 | 000,014,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe hummel.htm
[2012.05.30 15:22:26 | 000,038,549 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe.htm
[2012.05.30 14:56:20 | 000,046,176 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Restaurierungsbedarf für Möbel • Basket • Basket.htm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.26 21:32:37 | 000,001,712 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\netgear daten fritz box.htm
[2012.06.26 18:17:56 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.25 22:37:57 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 22:28:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.21 11:38:36 | 000,468,120 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\LG Fernseher.htm
[2012.06.14 15:50:36 | 000,000,071 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\.picasa.ini
[2012.05.30 15:36:34 | 000,014,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe hummel.htm
[2012.05.30 15:13:32 | 000,038,549 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Möbelgriffe.htm
[2012.05.30 14:56:18 | 000,046,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Restaurierungsbedarf für Möbel • Basket • Basket.htm
[2011.08.10 16:00:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.05.02 18:21:22 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
 
========== LOP Check ==========
 
[2012.06.06 16:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search
[2012.04.06 11:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.08.19 12:04:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.02.21 20:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2011.01.28 14:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2012.01.29 21:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011.09.07 14:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.02.28 19:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.07.22 11:00:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.05.06 16:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}
[2012.05.30 20:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\BOM
[2012.01.19 17:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoft
[2012.01.19 17:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.06 11:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\elsterformular
[2011.03.30 23:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GetRightToGo
[2011.01.28 14:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NCH Swift Sound
[2012.03.19 20:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia
[2011.08.19 12:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia Ovi Suite
[2011.02.28 20:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite
[2011.03.30 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix
[2011.08.10 16:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge
[2012.06.26 21:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong
[2010.02.17 20:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Samsung
[2012.06.27 11:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
[2010.08.19 17:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird
[2011.03.30 23:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue
[2009.02.04 16:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Desktop Search
[2009.02.26 19:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Search
[2012.06.19 20:10:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\BOM
[2012.06.21 20:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\elsterformular
[2012.06.16 17:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Nokia
[2012.06.16 17:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\PC Suite
[2012.01.12 16:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Search Settings
[2010.12.31 14:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Thunderbird
[2009.08.19 23:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Windows Desktop Search
[2011.01.01 17:23:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Windows Search
[2012.06.25 22:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings
[2012.06.25 17:14:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011.04.13 19:22:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012.01.18 19:25:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2012.01.18 19:25:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.05.27 13:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe
[2009.02.08 14:28:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ahead
[2011.03.01 18:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Avira
[2010.01.31 18:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVS4YOU
[2012.05.30 20:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\BOM
[2009.02.09 20:07:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CyberLink
[2012.01.19 17:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoft
[2012.01.19 17:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.06 11:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\elsterformular
[2011.03.30 23:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GetRightToGo
[2010.02.14 16:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help
[2009.02.04 14:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities
[2009.02.04 20:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia
[2011.06.24 14:45:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft
[2009.02.17 19:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft Web Folders
[2009.02.10 16:53:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla
[2011.01.28 14:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NCH Swift Sound
[2012.03.19 20:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia
[2011.08.19 12:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia Ovi Suite
[2011.02.28 20:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite
[2011.03.30 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix
[2011.08.10 16:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\pdfforge
[2012.06.26 21:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong
[2012.05.22 21:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real
[2010.02.17 20:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Samsung
[2012.06.27 11:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
[2012.06.26 18:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
[2011.10.10 16:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\skypePM
[2011.02.24 10:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun
[2009.02.10 16:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Talkback
[2010.08.19 17:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird
[2011.03.30 23:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue
[2009.02.04 16:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Desktop Search
[2009.02.26 19:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows Search
 
< %APPDATA%\*.exe /s >
[2012.04.06 11:10:05 | 049,279,952 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\elsterformular\update\ElsterFormular_update-12_3_2_6814k.exe
[2010.09.01 15:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2011.03.18 13:01:30 | 000,514,216 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\RealPlayer\setup\AU_setup20101108.exe
[2012.06.26 15:53:52 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.06.04 16:39:12 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe
[2012.06.04 16:34:12 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.05.24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.02.04 15:23:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.02.04 15:23:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.02.04 15:23:15 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

/code

cosinus · 28.06.2012, 09:48

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
[2012.04.17 19:44:41 | 000,576,958 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.27 11:53:50 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2012.06.27 11:53:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\ShellBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-162531612-839522115-1003\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: []  File not found
O4 - HKU\S-1-5-21-448539723-162531612-839522115-1003..\Run: [C0mDiXEtF1yrWmk] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\S-1-5-21-448539723-162531612-839522115-1003 Winlogon: UserInit - (C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.04 14:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell - "" = AutoRun
O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= -  File not found
[2012.06.27 11:53:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings
[2012.06.27 11:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.06.27 11:53:44 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012.06.26 21:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong
[2011.03.30 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix
[2011.03.30 23:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue
[2012.06.25 22:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings
[2012.06.25 17:14:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011.04.13 19:22:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012.01.18 19:25:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2012.01.18 19:25:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
:Files
C:\Programme\Gemeinsame Dateien\Spigot
C:\Programme\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Toledi · 28.06.2012, 11:43

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Programme\Freeware.de\prxtbFre2.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll moved successfully.
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from keyword.URL
File C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BSAJWLDN.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI not found.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\chrome\content folder moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\chrome folder moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFre2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFre2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll not found.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
File C:\Programme\Freeware.de\prxtbFre2.dll not found.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
File C:\Programme\Freeware.de\prxtbFre2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AutoLaunch deleted successfully.
C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AutoLaunch not found.
File C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe not found.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk moved successfully.
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\S-1-5-21-448539723-162531612-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e24ba4ec-ca42-11e0-8d5d-001c4af88c94}\ not found.
File F:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ZoneAlarm Client\ deleted successfully.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Search Settings\ not found.
C:\Programme\Application Updater folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\5.9 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong\ not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PCFix\ not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Uniblue\ not found.
C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\Troja\Anwendungsdaten\Search Settings folder moved successfully.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\Tasks\doxillionShakeIcon.job moved successfully.
C:\WINDOWS\Tasks\switchDowngrade.job moved successfully.
C:\WINDOWS\Tasks\switchShakeIcon.job moved successfully.
========== FILES ==========
File\Folder C:\Programme\Gemeinsame Dateien\Spigot not found.
File\Folder C:\Programme\Application Updater not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5944974 bytes

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gast
->Temp folder emptied: 27087374 bytes
->Temporary Internet Files folder emptied: 4116522 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1119395800 bytes
->Flash cache emptied: 5944 bytes

User: Handy Karte 8.11

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Troja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 69149846 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 17184701 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6428300 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.192,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Besitzer

User: Default User

User: Gast
->Flash cache emptied: 0 bytes

User: Handy Karte 8.11

User: LocalService

User: NetworkService

User: Troja
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.1 log created on 06282012_122842

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 28.06.2012, 13:45

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Toledi · 28.06.2012, 17:51

18:45:57.0546 1876 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
18:45:57.0875 1876 ============================================================
18:45:57.0875 1876 Current date / time: 2012/06/28 18:45:57.0875
18:45:57.0875 1876 SystemInfo:
18:45:57.0875 1876
18:45:57.0875 1876 OS Version: 5.1.2600 ServicePack: 3.0
18:45:57.0875 1876 Product type: Workstation
18:45:57.0875 1876 ComputerName: BENUTZER-0D266D
18:45:57.0875 1876 UserName: Troja
18:45:57.0875 1876 Windows directory: C:\WINDOWS
18:45:57.0875 1876 System windows directory: C:\WINDOWS
18:45:57.0875 1876 Processor architecture: Intel x86
18:45:57.0875 1876 Number of processors: 2
18:45:57.0875 1876 Page size: 0x1000
18:45:57.0875 1876 Boot type: Normal boot
18:45:57.0875 1876 ============================================================
18:46:00.0062 1876 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:46:00.0062 1876 ============================================================
18:46:00.0062 1876 \Device\Harddisk0\DR0:
18:46:00.0062 1876 MBR partitions:
18:46:00.0062 1876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
18:46:00.0078 1876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0xACC9A4F
18:46:00.0078 1876 ============================================================
18:46:00.0140 1876 D: <-> \Device\Harddisk0\DR0\Partition1
18:46:00.0156 1876 C: <-> \Device\Harddisk0\DR0\Partition0
18:46:00.0156 1876 ============================================================
18:46:00.0156 1876 Initialize success
18:46:00.0156 1876 ============================================================
18:48:24.0062 3816 ============================================================
18:48:24.0062 3816 Scan started
18:48:24.0062 3816 Mode: Manual; SigCheck; TDLFS;
18:48:24.0062 3816 ============================================================
18:48:24.0218 3816 Abiosdsk - ok
18:48:24.0234 3816 abp480n5 - ok
18:48:24.0281 3816 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:48:25.0000 3816 ACPI - ok
18:48:25.0046 3816 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:48:25.0156 3816 ACPIEC - ok
18:48:25.0234 3816 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:48:25.0265 3816 AdobeFlashPlayerUpdateSvc - ok
18:48:25.0265 3816 adpu160m - ok
18:48:25.0312 3816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:48:25.0437 3816 aec - ok
18:48:25.0484 3816 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
18:48:25.0578 3816 AFD - ok
18:48:25.0593 3816 Aha154x - ok
18:48:25.0593 3816 aic78u2 - ok
18:48:25.0609 3816 aic78xx - ok
18:48:25.0640 3816 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
18:48:25.0750 3816 Alerter - ok
18:48:25.0765 3816 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
18:48:25.0875 3816 ALG - ok
18:48:25.0875 3816 AliIde - ok
18:48:25.0937 3816 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
18:48:25.0968 3816 AmdPPM - ok
18:48:25.0984 3816 amsint - ok
18:48:26.0062 3816 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:48:26.0078 3816 AntiVirSchedulerService - ok
18:48:26.0093 3816 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
18:48:26.0125 3816 AntiVirService - ok
18:48:26.0125 3816 Application Updater - ok
18:48:26.0125 3816 AppMgmt - ok
18:48:26.0140 3816 asc - ok
18:48:26.0156 3816 asc3350p - ok
18:48:26.0156 3816 asc3550 - ok
18:48:26.0234 3816 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:48:26.0250 3816 aspnet_state - ok
18:48:26.0281 3816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:48:26.0406 3816 AsyncMac - ok
18:48:26.0421 3816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:48:26.0531 3816 atapi - ok
18:48:26.0546 3816 Atdisk - ok
18:48:26.0562 3816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:48:26.0671 3816 Atmarpc - ok
18:48:26.0703 3816 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
18:48:26.0828 3816 AudioSrv - ok
18:48:26.0859 3816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:48:26.0984 3816 audstub - ok
18:48:27.0000 3816 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
18:48:27.0000 3816 avgio - ok
18:48:27.0046 3816 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:48:27.0078 3816 avgntflt - ok
18:48:27.0078 3816 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:48:27.0093 3816 avipbb - ok
18:48:27.0125 3816 AVM IGD CTRL Service - ok
18:48:27.0171 3816 AVM WLAN Connection Service (9bd46c1d2f33a890b7226edf543f18aa) C:\Programme\avmwlanstick\WlanNetService.exe
18:48:27.0218 3816 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:48:27.0218 3816 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:48:27.0250 3816 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
18:48:27.0281 3816 avmeject ( UnsignedFile.Multi.Generic ) - warning
18:48:27.0281 3816 avmeject - detected UnsignedFile.Multi.Generic (1)
18:48:27.0312 3816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:48:27.0468 3816 Beep - ok
18:48:27.0515 3816 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
18:48:27.0671 3816 BITS - ok
18:48:27.0703 3816 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
18:48:27.0828 3816 Browser - ok
18:48:27.0843 3816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:48:28.0000 3816 cbidf2k - ok
18:48:28.0015 3816 cd20xrnt - ok
18:48:28.0046 3816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:48:28.0187 3816 Cdaudio - ok
18:48:28.0234 3816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:48:28.0328 3816 Cdfs - ok
18:48:28.0359 3816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:48:28.0468 3816 Cdrom - ok
18:48:28.0468 3816 Changer - ok
18:48:28.0500 3816 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
18:48:28.0625 3816 CiSvc - ok
18:48:28.0656 3816 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
18:48:28.0765 3816 ClipSrv - ok
18:48:28.0828 3816 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:28.0843 3816 clr_optimization_v2.0.50727_32 - ok
18:48:28.0859 3816 CmdIde - ok
18:48:28.0859 3816 COMSysApp - ok
18:48:28.0875 3816 Cpqarray - ok
18:48:28.0921 3816 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
18:48:29.0031 3816 CryptSvc - ok
18:48:29.0031 3816 dac2w2k - ok
18:48:29.0046 3816 dac960nt - ok
18:48:29.0093 3816 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:48:29.0218 3816 DcomLaunch - ok
18:48:29.0265 3816 de_serv - ok
18:48:29.0312 3816 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
18:48:29.0421 3816 Dhcp - ok
18:48:29.0437 3816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:48:29.0546 3816 Disk - ok
18:48:29.0546 3816 dmadmin - ok
18:48:29.0593 3816 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:48:29.0781 3816 dmboot - ok
18:48:29.0812 3816 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:48:29.0937 3816 dmio - ok
18:48:29.0968 3816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:48:30.0093 3816 dmload - ok
18:48:30.0125 3816 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
18:48:30.0218 3816 dmserver - ok
18:48:30.0250 3816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:48:30.0359 3816 DMusic - ok
18:48:30.0390 3816 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
18:48:30.0421 3816 Dnscache - ok
18:48:30.0453 3816 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
18:48:30.0546 3816 Dot3svc - ok
18:48:30.0562 3816 dpti2o - ok
18:48:30.0593 3816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:48:30.0703 3816 drmkaud - ok
18:48:30.0750 3816 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
18:48:30.0843 3816 EapHost - ok
18:48:30.0890 3816 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
18:48:31.0000 3816 ERSvc - ok
18:48:31.0031 3816 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:48:31.0062 3816 Eventlog - ok
18:48:31.0109 3816 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
18:48:31.0187 3816 EventSystem - ok
18:48:31.0218 3816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:48:31.0343 3816 Fastfat - ok
18:48:31.0375 3816 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:48:31.0421 3816 FastUserSwitchingCompatibility - ok
18:48:31.0453 3816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:48:31.0546 3816 Fdc - ok
18:48:31.0562 3816 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:48:31.0671 3816 Fips - ok
18:48:31.0718 3816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:48:31.0828 3816 Flpydisk - ok
18:48:31.0859 3816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:48:31.0968 3816 FltMgr - ok
18:48:32.0062 3816 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:48:32.0078 3816 FontCache3.0.0.0 - ok
18:48:32.0109 3816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:48:32.0265 3816 Fs_Rec - ok
18:48:32.0281 3816 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:48:32.0437 3816 Ftdisk - ok
18:48:32.0468 3816 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
18:48:32.0500 3816 FWLANUSB - ok
18:48:32.0546 3816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:48:32.0640 3816 Gpc - ok
18:48:32.0703 3816 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
18:48:32.0718 3816 gusvc - ok
18:48:32.0750 3816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:48:32.0859 3816 HDAudBus - ok
18:48:32.0921 3816 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:48:33.0015 3816 helpsvc - ok
18:48:33.0031 3816 HidServ - ok
18:48:33.0062 3816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:48:33.0171 3816 hidusb - ok
18:48:33.0218 3816 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
18:48:33.0312 3816 hkmsvc - ok
18:48:33.0312 3816 hpn - ok
18:48:33.0359 3816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:48:33.0406 3816 HTTP - ok
18:48:33.0437 3816 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
18:48:33.0546 3816 HTTPFilter - ok
18:48:33.0562 3816 i2omgmt - ok
18:48:33.0562 3816 i2omp - ok
18:48:33.0609 3816 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:48:33.0718 3816 i8042prt - ok
18:48:33.0781 3816 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:48:33.0843 3816 idsvc - ok
18:48:33.0875 3816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:48:33.0984 3816 Imapi - ok
18:48:34.0015 3816 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
18:48:34.0125 3816 ImapiService - ok
18:48:34.0140 3816 ini910u - ok
18:48:34.0296 3816 IntcAzAudAddService (8cd7f3fb0b2418af79914adb1e265184) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:48:34.0578 3816 IntcAzAudAddService - ok
18:48:34.0625 3816 IntelIde - ok
18:48:34.0656 3816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:48:34.0781 3816 Ip6Fw - ok
18:48:34.0812 3816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:48:34.0953 3816 IpFilterDriver - ok
18:48:34.0984 3816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:48:35.0093 3816 IpInIp - ok
18:48:35.0109 3816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:48:35.0218 3816 IpNat - ok
18:48:35.0250 3816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:48:35.0359 3816 IPSec - ok
18:48:35.0375 3816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:48:35.0484 3816 IRENUM - ok
18:48:35.0515 3816 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:48:35.0609 3816 isapnp - ok
18:48:35.0765 3816 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Programme\Java\jre6\bin\jqs.exe
18:48:35.0781 3816 JavaQuickStarterService - ok
18:48:35.0796 3816 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:48:35.0906 3816 Kbdclass - ok
18:48:35.0937 3816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:48:36.0046 3816 kmixer - ok
18:48:36.0093 3816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:48:36.0156 3816 KSecDD - ok
18:48:36.0187 3816 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
18:48:36.0234 3816 lanmanserver - ok
18:48:36.0281 3816 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
18:48:36.0328 3816 lanmanworkstation - ok
18:48:36.0421 3816 Lavasoft Ad-Aware Service (193146149076b331c008c1c0af6fa5b9) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
18:48:36.0484 3816 Lavasoft Ad-Aware Service - ok
18:48:36.0515 3816 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
18:48:36.0531 3816 Lbd - ok
18:48:36.0531 3816 lbrtfdc - ok
18:48:36.0593 3816 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
18:48:36.0703 3816 LmHosts - ok
18:48:36.0781 3816 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
18:48:36.0812 3816 McComponentHostService - ok
18:48:36.0843 3816 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
18:48:36.0953 3816 Messenger - ok
18:48:37.0062 3816 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
18:48:37.0062 3816 Microsoft Office Groove Audit Service - ok
18:48:37.0093 3816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:48:37.0250 3816 mnmdd - ok
18:48:37.0281 3816 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
18:48:37.0390 3816 mnmsrvc - ok
18:48:37.0421 3816 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:48:37.0531 3816 Modem - ok
18:48:37.0562 3816 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:48:37.0671 3816 Mouclass - ok
18:48:37.0703 3816 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:48:37.0843 3816 mouhid - ok
18:48:37.0859 3816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:48:37.0953 3816 MountMgr - ok
18:48:38.0000 3816 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:48:38.0015 3816 MozillaMaintenance - ok
18:48:38.0015 3816 mraid35x - ok
18:48:38.0046 3816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:48:38.0156 3816 MRxDAV - ok
18:48:38.0203 3816 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:48:38.0265 3816 MRxSmb - ok
18:48:38.0296 3816 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
18:48:38.0406 3816 MSDTC - ok
18:48:38.0437 3816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:48:38.0546 3816 Msfs - ok
18:48:38.0562 3816 MSIServer - ok
18:48:38.0593 3816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:48:38.0687 3816 MSKSSRV - ok
18:48:38.0703 3816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:48:38.0812 3816 MSPCLOCK - ok
18:48:38.0843 3816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:48:38.0937 3816 MSPQM - ok
18:48:38.0968 3816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:48:39.0062 3816 mssmbios - ok
18:48:39.0109 3816 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:48:39.0203 3816 Mup - ok
18:48:39.0250 3816 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
18:48:39.0390 3816 napagent - ok
18:48:39.0421 3816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:48:39.0515 3816 NDIS - ok
18:48:39.0546 3816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:48:39.0656 3816 NdisTapi - ok
18:48:39.0671 3816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:48:39.0781 3816 Ndisuio - ok
18:48:39.0796 3816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:48:39.0890 3816 NdisWan - ok
18:48:39.0937 3816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:48:39.0968 3816 NDProxy - ok
18:48:40.0000 3816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:48:40.0109 3816 NetBIOS - ok
18:48:40.0125 3816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:48:40.0218 3816 NetBT - ok
18:48:40.0281 3816 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:48:40.0375 3816 NetDDE - ok
18:48:40.0390 3816 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:48:40.0484 3816 NetDDEdsdm - ok
18:48:40.0515 3816 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:48:40.0609 3816 Netlogon - ok
18:48:40.0625 3816 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
18:48:40.0750 3816 Netman - ok
18:48:40.0843 3816 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:48:40.0859 3816 NetTcpPortSharing - ok
18:48:40.0906 3816 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
18:48:40.0921 3816 Nla - ok
18:48:40.0968 3816 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
18:48:41.0156 3816 nmwcd - ok
18:48:41.0187 3816 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
18:48:41.0250 3816 nmwcdc - ok
18:48:41.0359 3816 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Programme\NOS\bin\getPlus_Helper_3004.dll
18:48:41.0375 3816 nosGetPlusHelper - ok
18:48:41.0406 3816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:48:41.0500 3816 Npfs - ok
18:48:41.0531 3816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:48:41.0656 3816 Ntfs - ok
18:48:41.0671 3816 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:48:41.0765 3816 NtLmSsp - ok
18:48:41.0796 3816 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
18:48:41.0921 3816 NtmsSvc - ok
18:48:41.0968 3816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:48:42.0109 3816 Null - ok
18:48:42.0328 3816 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:48:42.0671 3816 nv - ok
18:48:42.0750 3816 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:48:42.0781 3816 NVENETFD - ok
18:48:42.0796 3816 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:48:42.0843 3816 nvnetbus - ok
18:48:42.0875 3816 NVSvc (f96df45cfbdc670584293e03c2ab602a) C:\WINDOWS\system32\nvsvc32.exe
18:48:42.0890 3816 NVSvc - ok
18:48:42.0921 3816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:48:43.0078 3816 NwlnkFlt - ok
18:48:43.0109 3816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:48:43.0250 3816 NwlnkFwd - ok
18:48:43.0375 3816 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
18:48:43.0406 3816 odserv - ok
18:48:43.0453 3816 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:48:43.0484 3816 ose - ok
18:48:43.0515 3816 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
18:48:43.0625 3816 Parport - ok
18:48:43.0640 3816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:48:43.0734 3816 PartMgr - ok
18:48:43.0765 3816 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:48:43.0906 3816 ParVdm - ok
18:48:43.0953 3816 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18:48:44.0000 3816 pccsmcfd - ok
18:48:44.0015 3816 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:48:44.0109 3816 PCI - ok
18:48:44.0125 3816 PCIDump - ok
18:48:44.0140 3816 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:48:44.0281 3816 PCIIde - ok
18:48:44.0312 3816 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:48:44.0406 3816 Pcmcia - ok
18:48:44.0421 3816 PDCOMP - ok
18:48:44.0421 3816 PDFRAME - ok
18:48:44.0437 3816 PDRELI - ok
18:48:44.0437 3816 PDRFRAME - ok
18:48:44.0453 3816 perc2 - ok
18:48:44.0453 3816 perc2hib - ok
18:48:44.0515 3816 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:48:44.0546 3816 PlugPlay - ok
18:48:44.0562 3816 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:48:44.0656 3816 PolicyAgent - ok
18:48:44.0687 3816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:48:44.0796 3816 PptpMiniport - ok
18:48:44.0812 3816 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
18:48:44.0906 3816 Processor - ok
18:48:44.0906 3816 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:48:45.0000 3816 ProtectedStorage - ok
18:48:45.0015 3816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:48:45.0109 3816 PSched - ok
18:48:45.0140 3816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:48:45.0281 3816 Ptilink - ok
18:48:45.0328 3816 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:48:45.0343 3816 PxHelp20 - ok
18:48:45.0343 3816 ql1080 - ok
18:48:45.0359 3816 Ql10wnt - ok
18:48:45.0359 3816 ql12160 - ok
18:48:45.0375 3816 ql1240 - ok
18:48:45.0375 3816 ql1280 - ok
18:48:45.0390 3816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:48:45.0546 3816 RasAcd - ok
18:48:45.0578 3816 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
18:48:45.0671 3816 RasAuto - ok
18:48:45.0687 3816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:48:45.0796 3816 Rasl2tp - ok
18:48:45.0843 3816 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
18:48:45.0953 3816 RasMan - ok
18:48:45.0968 3816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:48:46.0062 3816 RasPppoe - ok
18:48:46.0062 3816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:48:46.0203 3816 Raspti - ok
18:48:46.0218 3816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:48:46.0328 3816 Rdbss - ok
18:48:46.0359 3816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:48:46.0500 3816 RDPCDD - ok
18:48:46.0546 3816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:48:46.0656 3816 RDPWD - ok
18:48:46.0671 3816 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
18:48:46.0796 3816 RDSessMgr - ok
18:48:46.0796 3816 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:48:46.0906 3816 redbook - ok
18:48:46.0937 3816 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
18:48:47.0046 3816 RemoteAccess - ok
18:48:47.0078 3816 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
18:48:47.0187 3816 RpcLocator - ok
18:48:47.0234 3816 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:48:47.0265 3816 RpcSs - ok
18:48:47.0281 3816 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
18:48:47.0421 3816 RSVP - ok
18:48:47.0453 3816 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:48:47.0546 3816 SamSs - ok
18:48:47.0593 3816 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
18:48:47.0703 3816 SCardSvr - ok
18:48:47.0750 3816 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
18:48:47.0859 3816 Schedule - ok
18:48:47.0890 3816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:48:47.0984 3816 Secdrv - ok
18:48:48.0000 3816 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
18:48:48.0109 3816 seclogon - ok
18:48:48.0109 3816 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
18:48:48.0234 3816 SENS - ok
18:48:48.0250 3816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:48:48.0343 3816 serenum - ok
18:48:48.0375 3816 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
18:48:48.0468 3816 Serial - ok
18:48:48.0593 3816 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
18:48:48.0640 3816 ServiceLayer - ok
18:48:48.0687 3816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:48:48.0796 3816 Sfloppy - ok
18:48:48.0843 3816 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
18:48:48.0984 3816 SharedAccess - ok
18:48:49.0031 3816 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:48:49.0046 3816 ShellHWDetection - ok
18:48:49.0046 3816 Simbad - ok
18:48:49.0203 3816 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) D:\DaSi\Programme\Skype\Updater\Updater.exe
18:48:49.0218 3816 SkypeUpdate - ok
18:48:49.0250 3816 Sparrow - ok
18:48:49.0312 3816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:48:49.0421 3816 splitter - ok
18:48:49.0453 3816 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:48:49.0484 3816 Spooler - ok
18:48:49.0500 3816 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:48:49.0609 3816 sr - ok
18:48:49.0640 3816 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
18:48:49.0750 3816 srservice - ok
18:48:49.0796 3816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:48:49.0859 3816 Srv - ok
18:48:49.0890 3816 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:48:49.0890 3816 sscdbus - ok
18:48:49.0937 3816 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:48:49.0937 3816 sscdmdfl - ok
18:48:49.0968 3816 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:48:49.0984 3816 sscdmdm - ok
18:48:50.0015 3816 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
18:48:50.0125 3816 SSDPSRV - ok
18:48:50.0156 3816 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:48:50.0171 3816 ssmdrv - ok
18:48:50.0203 3816 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
18:48:50.0218 3816 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:48:50.0218 3816 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:48:50.0265 3816 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
18:48:50.0406 3816 stisvc - ok
18:48:50.0421 3816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:48:50.0515 3816 swenum - ok
18:48:50.0546 3816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:48:50.0640 3816 swmidi - ok
18:48:50.0656 3816 SwPrv - ok
18:48:50.0671 3816 symc810 - ok
18:48:50.0671 3816 symc8xx - ok
18:48:50.0687 3816 sym_hi - ok
18:48:50.0687 3816 sym_u3 - ok
18:48:50.0703 3816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:48:50.0812 3816 sysaudio - ok
18:48:50.0843 3816 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
18:48:50.0953 3816 SysmonLog - ok
18:48:51.0000 3816 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
18:48:51.0109 3816 TapiSrv - ok
18:48:51.0156 3816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:48:51.0187 3816 Tcpip - ok
18:48:51.0218 3816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:48:51.0328 3816 TDPIPE - ok
18:48:51.0359 3816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:48:51.0468 3816 TDTCP - ok
18:48:51.0515 3816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:48:51.0609 3816 TermDD - ok
18:48:51.0656 3816 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
18:48:51.0781 3816 TermService - ok
18:48:51.0828 3816 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:48:51.0843 3816 Themes - ok
18:48:51.0843 3816 TosIde - ok
18:48:51.0890 3816 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
18:48:52.0000 3816 TrkWks - ok
18:48:52.0015 3816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:48:52.0125 3816 Udfs - ok
18:48:52.0125 3816 ultra - ok
18:48:52.0187 3816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:48:52.0328 3816 Update - ok
18:48:52.0375 3816 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
18:48:52.0484 3816 upnphost - ok
18:48:52.0531 3816 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:48:52.0593 3816 upperdev - ok
18:48:52.0640 3816 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
18:48:52.0718 3816 UPS - ok
18:48:52.0734 3816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:48:52.0828 3816 usbehci - ok
18:48:52.0875 3816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:48:52.0968 3816 usbhub - ok
18:48:52.0984 3816 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:48:53.0093 3816 usbohci - ok
18:48:53.0125 3816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:48:53.0218 3816 usbprint - ok
18:48:53.0250 3816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:48:53.0343 3816 usbscan - ok
18:48:53.0375 3816 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
18:48:53.0468 3816 usbser - ok
18:48:53.0500 3816 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:48:53.0562 3816 UsbserFilt - ok
18:48:53.0593 3816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:48:53.0687 3816 USBSTOR - ok
18:48:53.0703 3816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:48:53.0796 3816 VgaSave - ok
18:48:53.0812 3816 ViaIde - ok
18:48:53.0843 3816 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:48:53.0937 3816 VolSnap - ok
18:48:53.0984 3816 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
18:48:54.0093 3816 VSS - ok
18:48:54.0109 3816 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
18:48:54.0250 3816 W32Time - ok
18:48:54.0265 3816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:48:54.0375 3816 Wanarp - ok
18:48:54.0421 3816 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:48:54.0453 3816 Wdf01000 - ok
18:48:54.0453 3816 WDICA - ok
18:48:54.0500 3816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:48:54.0593 3816 wdmaud - ok
18:48:54.0625 3816 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
18:48:54.0734 3816 WebClient - ok
18:48:54.0812 3816 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:48:54.0906 3816 winmgmt - ok
18:48:54.0953 3816 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:48:54.0968 3816 WmdmPmSN - ok
18:48:55.0015 3816 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:48:55.0125 3816 WmiApSrv - ok
18:48:55.0250 3816 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
18:48:55.0343 3816 WMPNetworkSvc - ok
18:48:55.0375 3816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:48:55.0375 3816 WpdUsb - ok
18:48:55.0421 3816 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
18:48:55.0546 3816 wscsvc - ok
18:48:55.0546 3816 WSearch - ok
18:48:55.0593 3816 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
18:48:55.0703 3816 wuauserv - ok
18:48:55.0734 3816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:48:55.0765 3816 WudfPf - ok
18:48:55.0796 3816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:48:55.0812 3816 WudfRd - ok
18:48:55.0828 3816 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:48:55.0843 3816 WudfSvc - ok
18:48:55.0906 3816 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
18:48:56.0015 3816 WZCSVC - ok
18:48:56.0062 3816 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
18:48:56.0187 3816 xmlprov - ok
18:48:56.0203 3816 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:48:56.0609 3816 \Device\Harddisk0\DR0 - ok
18:48:56.0625 3816 Boot (0x1200) (f82b8d7a81891204ad0fda5c6d58a319) \Device\Harddisk0\DR0\Partition0
18:48:56.0625 3816 \Device\Harddisk0\DR0\Partition0 - ok
18:48:56.0671 3816 Boot (0x1200) (b4d4c104972213b8b0c96350a9de138d) \Device\Harddisk0\DR0\Partition1
18:48:56.0671 3816 \Device\Harddisk0\DR0\Partition1 - ok
18:48:56.0671 3816 ============================================================
18:48:56.0671 3816 Scan finished
18:48:56.0671 3816 ============================================================
18:48:56.0781 3344 Detected object count: 3
18:48:56.0781 3344 Actual detected object count: 3
18:50:11.0750 3344 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:11.0750 3344 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:11.0750 3344 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:11.0750 3344 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:11.0765 3344 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:11.0765 3344 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 29.06.2012, 11:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Toledi · 29.06.2012, 12:59

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-28.03 - Besitzer 29.06.2012  13:33:06.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.895.450 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PCFix
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PCFix\log.dat
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PCFix\unresolvederrors.dat
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\j.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\wlu.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.txt
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.txt
c:\dokumente und einstellungen\Handy Karte 8.11\System
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-29  ))))))))))))))))))))))))))))))
.
.
2012-06-28 10:28 . 2012-06-28 10:28	--------	d-----w-	C:\_OTL
2012-06-27 18:02 . 2012-06-27 18:02	11776	----a-w-	c:\programme\Mozilla Firefox\plugins\nprjplug.dll
2012-06-27 18:01 . 2012-06-27 18:01	--------	d-----w-	c:\programme\Gemeinsame Dateien\xing shared
2012-06-27 18:01 . 2012-06-27 18:01	150696	----a-w-	c:\programme\Mozilla Firefox\plugins\nppl3260.dll
2012-06-27 18:01 . 2012-06-27 18:01	129144	----a-w-	c:\programme\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-27 13:52 . 2012-06-27 13:52	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\wtxpcom
2012-06-27 09:53 . 2012-06-27 09:53	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Search Settings
2012-06-26 16:17 . 2012-06-26 16:17	--------	d-----w-	c:\programme\CCleaner
2012-06-26 16:14 . 2012-06-26 16:14	770384	----a-w-	c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-26 16:14 . 2012-06-26 16:14	421200	----a-w-	c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-26 09:35 . 2012-06-26 09:35	--------	d-----w-	c:\programme\ESET
2012-06-25 20:37 . 2012-06-25 20:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-25 20:37 . 2012-06-25 20:37	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-06-25 20:37 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 20:34 . 2008-04-14 06:52	221184	----a-w-	c:\windows\system32\wmpns.dll
2012-06-25 20:33 . 2012-06-25 20:34	--------	d-----w-	c:\dokumente und einstellungen\Troja
2012-06-21 18:04 . 2012-06-21 18:05	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\elsterformular
2012-06-16 15:12 . 2012-06-16 15:12	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\PC Suite
2012-06-16 15:12 . 2012-06-16 15:12	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\Nokia
2012-06-16 13:52 . 2012-06-19 18:10	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\BOM
2012-06-14 13:21 . 2012-06-14 13:47	--------	d-----w-	C:\Picasa-Datensicherung
2012-06-14 11:05 . 2012-06-14 11:05	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\Avira
2012-06-11 16:26 . 2012-06-11 16:26	--------	d-----w-	c:\dokumente und einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\Skype
2012-06-11 14:27 . 2012-06-11 14:27	--------	d-s---w-	c:\dokumente und einstellungen\Gast\UserData
2012-06-05 13:56 . 2012-06-14 12:57	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-06-05 10:17 . 2012-06-25 20:26	--------	d-----w-	c:\dokumente und einstellungen\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 18:01 . 2009-02-04 14:19	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-06-27 18:01 . 2009-02-04 14:19	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-06-23 07:57 . 2012-04-05 06:57	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-23 07:57 . 2011-05-19 10:06	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 16:14 . 2011-05-16 14:48	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-06-27 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-07-11 15:14	528832	----a-w-	c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 07:39	281768	----a-w-	c:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-12-27 23:02	1454080	----a-r-	c:\programme\avmwlanstick\WLanGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47	31016	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 22:55	13574144	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 22:55	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 22:55	1657376	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53	1483264	----a-w-	c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01	32768	----a-w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-22 15:40	16858112	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55	17148552	----a-r-	d:\dasi\Programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-27 18:01	296056	----a-w-	c:\programme\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Vogel Verlag\\Fahren Lernen\\Vogel.FahrenLernenMax.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\DaSi\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.02.2009 18:14 64160]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.05.2009 09:26 136360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1036104]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [04.02.2009 20:12 265088]
S2 Application Updater;Application Updater;"c:\programme\Application Updater\ApplicationUpdater.exe" --> c:\programme\Application Updater\ApplicationUpdater.exe [?]
S2 SkypeUpdate;Skype Updater;d:\dasi\Programme\Skype\Updater\Updater.exe [15.02.2012 14:30 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 08:57 250056]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [04.02.2009 20:12 4352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 17:19 113120]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:14]
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:57]
.
2012-06-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-162531612-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
HKCU-Run-C0mDiXEtF1yrWmk - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\TarArchiver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-29 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-29  13:41:56
ComboFix-quarantined-files.txt  2012-06-29 11:41
.
Vor Suchlauf: 9 Verzeichnis(se), 104.832.987.136 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 105.060.298.752 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1B7351CBEC4AFB0C4D0E376225042CFF

--- --- ---

Hallo !
was mir noch aufgefallen ist : ich kann den Benutzer nicht mehr über die
Button ABMELDEN BENUTZER WECHSELN wechseln.
ist nicht lebenswichtig ... aber evtl. gibt es ja eine Lösung hierfür.

Ich wünsche auf jeden Fall ein schönes sonniges WE !!
Torsten

cosinus · 29.06.2012, 13:46

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Folder::
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\wtxpcom
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Search Settings

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Toledi · 29.06.2012, 18:21

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-28.03 - Besitzer 29.06.2012  19:09:23.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.895.405 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Search Settings
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\wtxpcom
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-29  ))))))))))))))))))))))))))))))
.
.
2012-06-29 16:43 . 2012-06-29 16:43	--------	d-----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
2012-06-29 12:09 . 2011-04-21 13:37	105472	-c----w-	c:\windows\system32\dllcache\mup.sys
2012-06-29 12:09 . 2012-05-02 13:46	139656	-c----w-	c:\windows\system32\dllcache\rdpwd.sys
2012-06-29 12:08 . 2011-04-29 19:07	852480	-c----w-	c:\windows\system32\dllcache\vgx.dll
2012-06-29 12:07 . 2011-07-08 14:02	10496	-c----w-	c:\windows\system32\dllcache\ndistapi.sys
2012-06-29 12:07 . 2012-01-11 19:06	3072	-c----w-	c:\windows\system32\dllcache\iacenc.dll
2012-06-29 12:07 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\iacenc.dll
2012-06-28 10:28 . 2012-06-28 10:28	--------	d-----w-	C:\_OTL
2012-06-27 18:02 . 2012-06-27 18:02	11776	----a-w-	c:\programme\Mozilla Firefox\plugins\nprjplug.dll
2012-06-27 18:01 . 2012-06-27 18:01	--------	d-----w-	c:\programme\Gemeinsame Dateien\xing shared
2012-06-27 18:01 . 2012-06-27 18:01	150696	----a-w-	c:\programme\Mozilla Firefox\plugins\nppl3260.dll
2012-06-27 18:01 . 2012-06-27 18:01	129144	----a-w-	c:\programme\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-26 16:17 . 2012-06-26 16:17	--------	d-----w-	c:\programme\CCleaner
2012-06-26 16:14 . 2012-06-26 16:14	770384	----a-w-	c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-26 16:14 . 2012-06-26 16:14	421200	----a-w-	c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-26 09:35 . 2012-06-26 09:35	--------	d-----w-	c:\programme\ESET
2012-06-25 20:37 . 2012-06-25 20:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-25 20:37 . 2012-06-25 20:37	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-06-25 20:37 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 20:34 . 2008-04-14 06:52	221184	----a-w-	c:\windows\system32\wmpns.dll
2012-06-25 20:33 . 2012-06-25 20:34	--------	d-----w-	c:\dokumente und einstellungen\Troja
2012-06-21 18:04 . 2012-06-21 18:05	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\elsterformular
2012-06-16 15:12 . 2012-06-16 15:12	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\PC Suite
2012-06-16 15:12 . 2012-06-16 15:12	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\Nokia
2012-06-16 13:52 . 2012-06-19 18:10	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\BOM
2012-06-14 13:21 . 2012-06-14 13:47	--------	d-----w-	C:\Picasa-Datensicherung
2012-06-14 11:05 . 2012-06-14 11:05	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\Avira
2012-06-11 16:26 . 2012-06-11 16:26	--------	d-----w-	c:\dokumente und einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\Skype
2012-06-11 14:27 . 2012-06-11 14:27	--------	d-s---w-	c:\dokumente und einstellungen\Gast\UserData
2012-06-05 13:56 . 2012-06-14 12:57	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-06-05 10:17 . 2012-06-25 20:26	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-05-31 13:22 . 2012-05-31 13:22	604160	-c----w-	c:\windows\system32\dllcache\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 18:01 . 2009-02-04 14:19	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-06-27 18:01 . 2009-02-04 14:19	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-06-23 07:57 . 2012-04-05 06:57	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-23 07:57 . 2011-05-19 10:06	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-02-04 12:41	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-02-04 12:41	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-02-04 12:41	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-02-04 12:41	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-02-04 12:41	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2004-08-04 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:08	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-02-04 12:41	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-02-04 12:41	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-08-04 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2004-08-04 12:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2004-08-04 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-02-04 12:39	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29 . 2004-08-04 12:00	61952	----a-w-	c:\windows\system32\tdc.ocx
2012-04-20 19:29 . 2004-08-04 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2012-04-20 19:28 . 2004-08-04 12:00	371200	----a-w-	c:\windows\system32\html.iec
2012-06-26 16:14 . 2011-05-16 14:48	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-29_11.39.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-29 16:35 . 2012-06-29 16:35	16384              c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2004-08-04 12:00 . 2012-04-20 19:29	37888              c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2008-04-14 06:52	37888              c:\windows\system32\url.dll
+ 2009-02-04 14:03 . 2011-11-08 13:46	46080              c:\windows\system32\tzchange.exe
- 2009-02-04 14:03 . 2010-11-03 13:12	46080              c:\windows\system32\tzchange.exe
+ 2012-06-29 12:05 . 2012-06-02 13:19	45080              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-29 12:05 . 2012-06-02 13:19	35864              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-08-04 12:00 . 2012-06-29 16:36	68584              c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-06-29 16:36	91336              c:\windows\system32\perfc007.dat
+ 2004-08-04 12:00 . 2011-11-20 06:12	61952              c:\windows\system32\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 09:41	23040              c:\windows\system32\oleaccrc.dll
- 2004-08-04 12:00 . 2008-04-14 06:52	23040              c:\windows\system32\mciseq.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47	23040              c:\windows\system32\mciseq.dll
+ 2004-08-04 12:00 . 2011-07-08 14:02	10496              c:\windows\system32\drivers\ndistapi.sys
+ 2009-02-04 12:41 . 2012-06-02 13:19	35864              c:\windows\system32\dllcache\wups.dll
+ 2009-02-04 12:41 . 2012-06-02 13:19	53784              c:\windows\system32\dllcache\wuauclt.exe
+ 2012-04-20 19:29 . 2012-04-20 19:29	37888              c:\windows\system32\dllcache\url.dll
+ 2011-11-20 06:12 . 2011-11-20 06:12	61952              c:\windows\system32\dllcache\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 09:41	23040              c:\windows\system32\dllcache\oleaccrc.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47	23040              c:\windows\system32\dllcache\mciseq.dll
- 2009-02-20 08:09 . 2011-02-17 13:51	81920              c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:09 . 2012-04-20 19:29	81920              c:\windows\system32\dllcache\ieencode.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31	33280              c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:29	33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-04 12:00 . 2012-06-02 13:19	97304              c:\windows\system32\dllcache\cdm.dll
- 2004-08-04 12:00 . 2010-12-09 14:29	33280              c:\windows\system32\csrsrv.dll
+ 2004-08-04 12:00 . 2011-10-28 05:31	33280              c:\windows\system32\csrsrv.dll
+ 2011-12-25 01:49 . 2011-12-25 01:49	31504              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-06-29 16:38 . 2012-06-29 16:38	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-06-29 13:06 . 2012-06-29 13:06	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-06-29 13:05 . 2012-06-29 13:05	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-06-29 16:54 . 2012-06-29 16:54	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-15 07:09 . 2011-04-15 07:09	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-15 07:09 . 2011-04-15 07:09	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-05 21:13 . 2012-04-05 21:13	299080              c:\windows\system32\XPSViewer\XPSViewer.exe
- 2004-08-04 12:00 . 2009-12-24 06:59	177664              c:\windows\system32\wintrust.dll
+ 2004-08-04 12:00 . 2012-02-29 14:09	177664              c:\windows\system32\wintrust.dll
- 2004-08-04 12:00 . 2010-06-18 17:44	293888              c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2011-11-25 21:57	293888              c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47	178176              c:\windows\system32\winmm.dll
- 2004-08-04 12:00 . 2008-04-14 06:52	178176              c:\windows\system32\winmm.dll
- 2004-08-04 12:00 . 2009-08-25 09:17	354816              c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21	354816              c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	629248              c:\windows\system32\urlmon.dll
+ 2008-07-29 18:59 . 2011-09-26 09:41	614912              c:\windows\system32\uiautomationcore.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21	152064              c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2011-11-03 15:28	387072              c:\windows\system32\qdvd.dll
- 2004-08-04 12:00 . 2008-04-14 06:52	387072              c:\windows\system32\qdvd.dll
+ 2004-08-04 12:00 . 2012-06-29 16:36	435688              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-06-29 16:36	477158              c:\windows\system32\perfh007.dat
+ 2004-08-04 12:00 . 2010-12-20 17:32	551936              c:\windows\system32\oleaut32.dll
- 2004-08-04 12:00 . 2008-04-14 06:52	551936              c:\windows\system32\oleaut32.dll
+ 2004-08-04 12:00 . 2011-09-26 09:41	220160              c:\windows\system32\oleacc.dll
- 2004-08-04 12:00 . 2011-02-17 13:51	532480              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	532480              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	449536              c:\windows\system32\mshtmled.dll
+ 2009-02-04 12:41 . 2011-10-10 14:22	692736              c:\windows\system32\inetcomm.dll
- 2009-02-04 12:41 . 2011-03-07 05:33	692736              c:\windows\system32\inetcomm.dll
+ 2004-08-04 12:00 . 2012-02-29 14:09	148480              c:\windows\system32\imagehlp.dll
- 2004-08-04 12:00 . 2011-02-17 13:51	251904              c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	251904              c:\windows\system32\iepeers.dll
- 2009-02-04 12:24 . 2011-04-15 08:58	267800              c:\windows\system32\FNTCACHE.DAT
+ 2009-02-04 12:24 . 2012-06-29 16:35	267800              c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2011-10-18 11:13	186880              c:\windows\system32\encdec.dll
- 2004-08-04 12:00 . 2011-02-09 13:53	186880              c:\windows\system32\encdec.dll
+ 2004-08-04 12:00 . 2011-04-21 13:37	105472              c:\windows\system32\drivers\mup.sys
+ 2004-08-04 12:00 . 2011-07-15 13:29	456320              c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-04 12:00 . 2008-10-16 14:43	138496              c:\windows\system32\drivers\afd.sys
+ 2004-08-04 12:00 . 2011-08-17 13:49	138496              c:\windows\system32\drivers\afd.sys
+ 2009-02-04 12:41 . 2012-06-02 13:19	210968              c:\windows\system32\dllcache\wuweb.dll
+ 2009-02-04 12:41 . 2012-06-02 13:19	329240              c:\windows\system32\dllcache\wucltui.dll
+ 2009-02-04 12:41 . 2012-06-02 13:19	577048              c:\windows\system32\dllcache\wuapi.dll
+ 2009-12-24 06:59 . 2012-02-29 14:09	177664              c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 06:59 . 2009-12-24 06:59	177664              c:\windows\system32\dllcache\wintrust.dll
- 2010-06-18 17:44 . 2010-06-18 17:44	293888              c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:44 . 2011-11-25 21:57	293888              c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47	178176              c:\windows\system32\dllcache\winmm.dll
- 2009-02-04 14:25 . 2011-02-17 13:51	672768              c:\windows\system32\dllcache\wininet.dll
+ 2009-02-04 14:25 . 2012-05-16 07:58	672768              c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21	354816              c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17	354816              c:\windows\system32\dllcache\winhttp.dll
+ 2009-02-04 14:25 . 2012-04-20 19:29	629248              c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-05 06:55 . 2011-11-16 14:21	152064              c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28	387072              c:\windows\system32\dllcache\qdvd.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32	551936              c:\windows\system32\dllcache\oleaut32.dll
+ 2004-08-04 12:00 . 2011-09-26 09:41	220160              c:\windows\system32\dllcache\oleacc.dll
+ 2010-11-05 05:04 . 2012-04-20 19:29	532480              c:\windows\system32\dllcache\mstime.dll
- 2010-11-05 05:04 . 2011-02-17 13:51	532480              c:\windows\system32\dllcache\mstime.dll
+ 2010-09-09 14:17 . 2012-04-20 19:29	449536              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-04 14:24 . 2011-07-15 13:29	456320              c:\windows\system32\dllcache\mrxsmb.sys
- 2009-02-04 14:24 . 2011-03-07 05:33	692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2009-02-04 14:24 . 2011-10-10 14:22	692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2012-02-29 14:09 . 2012-02-29 14:09	148480              c:\windows\system32\dllcache\imagehlp.dll
- 2010-02-26 05:41 . 2011-02-17 13:51	251904              c:\windows\system32\dllcache\iepeers.dll
+ 2010-02-26 05:41 . 2012-04-20 19:29	251904              c:\windows\system32\dllcache\iepeers.dll
- 2011-02-09 13:53 . 2011-02-09 13:53	186880              c:\windows\system32\dllcache\encdec.dll
+ 2011-02-09 13:53 . 2011-10-18 11:13	186880              c:\windows\system32\dllcache\encdec.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49	138496              c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-10-16 14:43	138496              c:\windows\system32\dllcache\afd.sys
+ 2012-04-05 21:52 . 2012-04-05 21:52	131168              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 01:49 . 2011-12-25 01:49	436496              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-04-21 05:15 . 2012-04-21 05:15	630784              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	389888              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	364816              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	989968              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-22 14:50 . 2011-12-22 14:50	256000              c:\windows\Installer\27d3f1.msp
+ 2012-04-21 19:55 . 2012-04-21 19:55	980480              c:\windows\Installer\27d3e9.msp
+ 2011-12-25 03:40 . 2011-12-25 03:40	819200              c:\windows\Installer\27d3d4.msp
+ 2009-02-04 14:24 . 2011-07-15 13:29	456320              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-06-29 16:54 . 2012-06-29 16:54	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-06-29 16:38 . 2012-06-29 16:38	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-06-29 16:38 . 2012-06-29 16:38	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-06-29 16:38 . 2012-06-29 16:38	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-06-29 16:36 . 2012-06-29 16:36	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	634368              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-06-29 16:54 . 2012-06-29 16:54	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-06-29 13:08 . 2012-06-29 13:08	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-06-29 13:08 . 2012-06-29 13:08	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-06-29 13:08 . 2012-06-29 13:08	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-06-29 13:08 . 2012-06-29 13:08	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-06-29 16:54 . 2012-06-29 16:54	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-06-29 16:54 . 2012-06-29 16:54	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	630784              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-29 13:08 . 2012-06-29 13:08	163840              c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2009-02-04 15:01 . 2009-02-04 15:01	163840              c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-29 12:50 . 2012-06-29 12:50	532480              c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-02-04 15:00 . 2009-02-04 15:00	368640              c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-29 12:50 . 2012-06-29 12:50	368640              c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-06-29 12:11 . 2012-02-09 15:43	1748992              c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	1510400              c:\windows\system32\shdocvw.dll
- 2004-08-04 12:00 . 2011-02-17 13:51	1510400              c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2011-11-03 15:28	1297920              c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2011-11-01 16:07	1288704              c:\windows\system32\ole32.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	3109376              c:\windows\system32\mshtml.dll
+ 2009-02-04 12:41 . 2012-06-02 13:19	1933848              c:\windows\system32\dllcache\wuaueng.dll
+ 2009-02-04 14:24 . 2012-05-15 13:56	1863296              c:\windows\system32\dllcache\win32k.sys
- 2009-02-04 14:25 . 2011-02-17 13:51	1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2009-02-04 14:25 . 2012-04-20 19:29	1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:10 . 2011-11-03 15:28	1297920              c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07	1288704              c:\windows\system32\dllcache\ole32.dll
+ 2009-02-04 14:24 . 2012-05-05 03:14	2194944              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-02-04 14:24 . 2012-05-05 03:14	2029056              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-04 14:24 . 2012-05-05 03:14	2071424              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-04 14:24 . 2012-05-05 03:14	2150912              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-04 14:24 . 2012-04-20 19:29	3109376              c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 04:33 . 2012-04-20 19:29	1025024              c:\windows\system32\dllcache\browseui.dll
- 2010-03-10 04:33 . 2011-02-17 13:51	1025024              c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2011-02-17 13:51	1025024              c:\windows\system32\browseui.dll
+ 2004-08-04 12:00 . 2012-04-20 19:29	1025024              c:\windows\system32\browseui.dll
+ 2012-03-20 03:23 . 2012-03-20 03:23	5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 10:17 . 2008-07-25 10:17	5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	5246976              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	3186688              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-03-20 03:23 . 2012-03-20 03:23	5062656              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2008-07-25 10:17 . 2008-07-25 10:17	5062656              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	5913360              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-12-25 01:50 . 2011-12-25 01:50	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 02:39 . 2011-01-18 02:39	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-26 07:59 . 2011-12-26 07:59	4368896              c:\windows\Installer\27d3cc.msp
+ 2012-03-20 21:57 . 2012-03-20 21:57	6188544              c:\windows\Installer\27d3b4.msp
+ 2009-02-04 14:24 . 2012-05-05 03:14	2194944              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-04 14:24 . 2012-05-05 03:14	2029056              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-04 14:24 . 2012-05-05 03:14	2071424              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-04 14:24 . 2012-05-05 03:14	2150912              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-06-29 13:05 . 2012-06-29 13:05	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-06-29 16:38 . 2012-06-29 16:38	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-06-29 13:05 . 2012-06-29 13:05	7953408              c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-06-29 16:38 . 2012-06-29 16:38	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	2405888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-29 16:37 . 2012-06-29 16:37	1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-06-29 16:37 . 2012-06-29 16:37	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-06-29 16:36 . 2012-06-29 16:36	1592320              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-29 13:09 . 2012-06-29 13:09	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-06-29 13:09 . 2012-06-29 13:09	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
+ 2012-06-29 13:09 . 2012-06-29 13:09	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-06-29 13:09 . 2012-06-29 13:09	2146304              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-06-29 13:09 . 2012-06-29 13:09	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-06-29 13:05 . 2012-06-29 13:05	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
+ 2012-06-29 16:55 . 2012-06-29 16:55	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
+ 2012-06-29 12:50 . 2012-06-29 12:50	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-23 19:31 . 2010-06-23 19:31	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	3186688              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-06 21:07 . 2010-10-06 21:07	1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-06-29 12:54 . 2012-06-29 12:54	1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-04-15 07:08 . 2011-04-15 07:08	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-29 12:50 . 2012-06-29 12:50	5283840              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	5246976              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-29 12:50 . 2012-06-29 12:50	4214784              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-04-15 07:09 . 2011-04-15 07:09	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-29 13:07 . 2012-06-29 13:07	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-02-04 14:35 . 2012-06-03 21:35	56731752              c:\windows\system32\MRT.exe
+ 2012-04-06 00:12 . 2012-04-06 00:12	15709696              c:\windows\Installer\27d3f9.msp
+ 2012-01-04 00:25 . 2012-01-04 00:25	17751552              c:\windows\Installer\27d3e1.msp
+ 2012-04-06 01:13 . 2012-04-06 01:13	16527872              c:\windows\Installer\27d3c1.msp
+ 2012-06-29 16:37 . 2012-06-29 16:37	12433920              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-06-29 16:56 . 2012-06-29 16:56	11817472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-06-29 13:09 . 2012-06-29 13:09	10682368              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-06-29 13:08 . 2012-06-29 13:08	14329856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
+ 2012-06-29 13:08 . 2012-06-29 13:08	12218368              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
+ 2012-06-29 13:05 . 2012-06-29 13:05	11492352              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-06-27 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-07-11 15:14	528832	----a-w-	c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 07:39	281768	----a-w-	c:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-12-27 23:02	1454080	----a-r-	c:\programme\avmwlanstick\WLanGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47	31016	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 22:55	13574144	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 22:55	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 22:55	1657376	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53	1483264	----a-w-	c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01	32768	----a-w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-22 15:40	16858112	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55	17148552	----a-r-	d:\dasi\Programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-27 18:01	296056	----a-w-	c:\programme\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Vogel Verlag\\Fahren Lernen\\Vogel.FahrenLernenMax.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\DaSi\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.02.2009 18:14 64160]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.05.2009 09:26 136360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1036104]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [04.02.2009 20:12 265088]
S2 Application Updater;Application Updater;"c:\programme\Application Updater\ApplicationUpdater.exe" --> c:\programme\Application Updater\ApplicationUpdater.exe [?]
S2 SkypeUpdate;Skype Updater;d:\dasi\Programme\Skype\Updater\Updater.exe [15.02.2012 14:30 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 08:57 250056]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [04.02.2009 20:12 4352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 17:19 113120]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:14]
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:57]
.
2012-06-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-162531612-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bsajwldn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-29 19:17
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-06-29  19:19:25
ComboFix-quarantined-files.txt  2012-06-29 17:19
ComboFix2.txt  2012-06-29 11:41
.
Vor Suchlauf: 9 Verzeichnis(se), 103.933.874.176 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 103.968.956.416 Bytes frei
.
- - End Of File - - 344C0B0C23D23904BDAB50935A08B311

--- --- ---

ich glaube er hat keinen Neustart gemacht ... jedenfalls wurde ich nicht aufgefordert irgendetwas zu tun ,,,,

cosinus · 01.07.2012, 14:20

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Toledi · 02.07.2012, 13:42

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-02 14:21:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e MAXTOR_STM3250310AS rev.3.AAF
Running: 2e1o50fw.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgriifow.sys


---- System - GMER 1.0.15 ----

SSDT            F7B7374C                                                                                         ZwClose
SSDT            F7B73706                                                                                         ZwCreateKey
SSDT            F7B73756                                                                                         ZwCreateSection
SSDT            F7B736FC                                                                                         ZwCreateThread
SSDT            F7B7370B                                                                                         ZwDeleteKey
SSDT            F7B73715                                                                                         ZwDeleteValueKey
SSDT            F7B73747                                                                                         ZwDuplicateObject
SSDT            F7B7371A                                                                                         ZwLoadKey
SSDT            F7B736E8                                                                                         ZwOpenProcess
SSDT            F7B736ED                                                                                         ZwOpenThread
SSDT            F7B73724                                                                                         ZwReplaceKey
SSDT            F7B7371F                                                                                         ZwRestoreKey
SSDT            F7B7375B                                                                                         ZwSetContextThread
SSDT            F7B73710                                                                                         ZwSetValueKey
SSDT            F7B736F7                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2DC4                                                             8050467C 4 Bytes  CALL A747FDB7 
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                         section is writeable [0xF6A1E360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\programme\real\realplayer\update\realsched.exe[992] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                        Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 15:14:26 on 02.07.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"RealUpgradeLogonTaskS-1-5-21-448539723-162531612-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-448539723-162531612-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kgriifow" (kgriifow) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgriifow.sys  (Hidden registry entry, rootkit activity | File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -   (File not found | COM-object registry key not found)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Application Updater" (Application Updater) - ? - "C:\Programme\Application Updater\ApplicationUpdater.exe"  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe  (File not found)
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - ? - C:\Programme\FRITZ!DSL\IGDCTRL.EXE  (File not found)
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - D:\DaSi\Programme\Skype\Updater\Updater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 02.07.2012, 14:24

Was ist mit aswMBR?

Toledi · 02.07.2012, 16:39

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 15:48:57
-----------------------------
15:48:57.656 OS Version: Windows 5.1.2600 Service Pack 3
15:48:57.656 Number of processors: 2 586 0x6B02
15:48:57.656 ComputerName: BENUTZER-0D266D UserName: Besitzer
15:48:58.671 Initialize success
15:52:15.046 AVAST engine defs: 12070201
16:30:38.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
16:30:38.125 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAF Size: 238475MB BusType: 3
16:30:38.187 Disk 0 MBR read successfully
16:30:38.187 Disk 0 MBR scan
16:30:38.250 Disk 0 Windows XP default MBR code
16:30:38.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
16:30:38.265 Disk 0 Partition - 00 0F Extended LBA 88467 MB offset 307194930
16:30:38.328 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 88467 MB offset 307194993
16:30:38.375 Disk 0 scanning sectors +488376000
16:30:38.656 Disk 0 scanning C:\WINDOWS\system32\drivers
16:31:22.500 Service scanning
16:31:36.546 Modules scanning
16:32:22.687 Disk 0 trace - called modules:
16:32:22.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:32:22.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ab1ab8]
16:32:22.750 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x84ab5f18]
16:32:22.750 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x84ab3d98]
16:32:23.218 AVAST engine scan C:\WINDOWS
16:33:08.750 AVAST engine scan C:\WINDOWS\system32
16:42:55.062 AVAST engine scan C:\WINDOWS\system32\drivers
16:44:22.140 AVAST engine scan C:\Dokumente und Einstellungen\Besitzer
17:11:39.781 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:22:10.390 Scan finished successfully
17:36:18.031 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Besitzer\Desktop\MBR.dat"
17:36:18.031 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Besitzer\Desktop\aswMBR.txt"

ist ne ganze zeit gelaufen ....

cosinus · 03.07.2012, 10:42

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

02.07.2012, 14:24	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Was ist mit aswMBR? __________________ Logfiles bitte immer in CODE-Tags posten

03.07.2012, 10:42	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort

Plagegeister aller Art und deren Bekämpfung: GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort