Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.06.2012, 07:49   #1
juzi74
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Hallo, seit Dienstag meldet sich Avira auf unserem Büro-Rechner mit den Trojaner Funden: TR/Atraps.Gen2 TR/Sirefef.AG.35 und TR/Small.FI

Ein Scan mit Malewarebytes hat den Fund bestätigt.

In Quarantäne verschieben funktioniert nicht. Ich bin keine Anleitungen zum enfernen durchgegangen, weil in einer Anleitung stand, dass jede Infektion einer individuellen Behandlung Bedarf.

Ich würde mich seeeeehr freuen, wenn mir jemand helfen könnte.
Hier die Logs:

OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.06.2012 11:44:08 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,41% Memory free
5,34 Gb Paging File | 4,49 Gb Available in Paging File | 84,16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 931,50 Gb Total Space | 899,12 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive D: | 931,50 Gb Total Space | 651,39 Gb Free Space | 69,93% Space Free | Partition Type: NTFS
 
Computer Name: BUERO-1 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 16:03:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 16:03:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 16:05:47 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\spotify.exe
PRC - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011.10.27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.03.03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009.05.15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassche.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001.08.18 04:54:46 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 08:56:45 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:15:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:14:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 13:31:18 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.14 16:03:04 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.05.11 12:49:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 12:49:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.10 14:43:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.10 14:42:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 14:42:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.04 16:05:47 | 020,101,120 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\libcef.dll
MOD - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.03.14 18:18:51 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3748.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard\2.0.3748.36964__90ba9c70f846762e\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:49 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3748.36838__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.03.14 18:18:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.03.14 18:18:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.03.14 18:18:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.03.14 18:18:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.03.14 18:18:45 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.03.14 18:18:44 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.03.14 18:18:43 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.03.14 18:18:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.03.14 18:18:43 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.03.14 18:18:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.03.14 18:18:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.03.14 18:18:43 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.03.14 18:18:42 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.03.14 18:18:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.03.14 18:18:42 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.03.14 18:18:42 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.03.14 18:18:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.03.14 18:18:42 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.03.14 18:18:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2011.03.14 18:18:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.03.14 18:18:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.03.14 18:18:41 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.03.14 18:18:41 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.08.16 00:08:44 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.01.08 15:15:34 | 001,552,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2009.05.26 20:15:36 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.26 20:15:35 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007.06.03 09:46:31 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl66cl3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.25 13:46:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.22 12:26:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010.02.12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012.05.14 16:03:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 16:03:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 16:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.20 10:44:24 | 006,026,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.08 10:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2009.09.04 07:46:08 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.05.27 13:24:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 08:03:54 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008.01.19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007.12.14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006.11.24 04:34:54 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.18 05:21:04 | 000,039,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm) Brother WDM-Treiber (parallel)
DRV - [2001.08.17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001.08.17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn) Brother MFC-Scannertreiber (USB)
DRV - [2001.08.17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://groupware.vfs-langenhagen.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 12:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 15:39:36 | 000,000,000 | ---D | M]
 
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.05.02 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions
[2010.07.02 14:23:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.08 14:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Sunbird\Profiles\6iyd0i52.default\extensions
[2012.05.04 14:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.14 14:17:48 | 000,709,293 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\YX8GN338.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.22 12:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.11 13:12:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.22 12:26:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 12:26:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.22 12:26:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 12:26:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 12:26:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 12:26:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.31 23:23:36 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2009 Zahlungserinnerung.lnk = C:\Programme\Quicken\2009\billmind.exe (Lexware GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 80
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.05.19 18:28:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell - "" = AutoRun
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.27 11:41:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 10:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes
[2012.06.27 10:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.27 09:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.04 13:03:02 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.05.31 10:29:28 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 11:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.27 11:40:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:38:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.27 11:38:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.27 11:38:00 | 000,002,644 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012.06.27 11:37:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.27 11:37:23 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 11:12:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.27 10:13:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 09:39:37 | 000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 08:13:18 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 13:31:31 | 000,499,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 13:31:31 | 000,475,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 13:31:31 | 000,101,642 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 13:31:31 | 000,084,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 13:28:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.04 13:03:10 | 000,001,034 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.06.04 13:02:54 | 000,001,026 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Dropbox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.27 11:42:32 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@
[2012.06.27 11:40:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:37:02 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@
[2012.06.27 11:37:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@
[2012.06.27 10:13:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:34:08 | 000,015,022 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2012.02.15 16:17:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 18:12:44 | 000,001,040 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\advanced_ip_scanner_MAC.bin
[2011.07.08 15:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.05.12 13:43:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.04.26 17:09:48 | 000,000,019 | ---- | C] () -- C:\WINDOWS\QwTools.INI
[2011.03.14 18:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.03.14 18:17:24 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.14 18:17:24 | 000,202,234 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.14 18:17:24 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.03.14 18:17:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011.03.14 18:17:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2011.03.14 17:44:23 | 000,021,536 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.03.14 17:44:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.14 17:37:13 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.03.14 17:33:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2010.12.02 14:18:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.12.02 14:18:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2010.12.02 13:54:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2010.11.18 15:49:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010.08.20 11:45:47 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\usb001
[2010.07.27 23:16:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_9880.ini
[2010.07.27 23:16:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010.07.22 22:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2010.06.11 15:46:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.07.02 11:03:38 | 000,013,017 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.06.05 13:53:36 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.27 15:31:59 | 000,000,512 | ---- | C] () -- C:\Programme\hbedv.key
[2009.05.27 13:39:16 | 003,211,264 | ---- | C] () -- C:\Programme\Gemeinsame DateienDDBACSetup.msi
[2009.05.20 13:12:06 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
 
========== LOP Check ==========
 
[2009.05.27 13:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service
[2010.11.15 14:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service GmbH
[2012.02.21 16:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DL
[2012.06.27 11:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox
[2012.06.13 13:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FileZilla
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\fotobuch.de AG
[2012.03.01 19:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FreeFileSync
[2011.11.22 15:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\InfoRapid KnowledgeMap
[2009.05.20 13:12:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IsolatedStorage
[2009.05.27 13:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Lexware
[2012.02.17 16:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\MediaMonkey
[2012.04.17 15:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\NASNaviator2
[2010.07.13 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Notepad++
[2009.06.11 09:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OfficeUpdate12
[2012.06.27 11:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify
[2012.02.10 16:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\streamripper
[2010.12.02 11:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TomTom
[2009.05.27 13:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2009.05.27 13:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012.02.10 17:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
[2010.11.18 15:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.12.02 11:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.04.18 14:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
 
========== Purity Check ==========
 
 < End of report >
         
--- --- ---
[/code]

GMER - Nach dem Scan von GMER erschien die Nachricht:
"GMER has found system modification, which might have been caused by ROOTKIT activity." Nach dem Speichern und Öffnen des Logs wurde GMER von Windows geschlossen, weil "ein Fehler festgestellt wurde".

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-28 08:13:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST31000333AS rev.CC1H
Running: yqmpbmgg.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\ugtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT            F7BD07DC                                                                          ZwClose
SSDT            F7BD0796                                                                          ZwCreateKey
SSDT            F7BD07E6                                                                          ZwCreateSection
SSDT            F7BD07BE                                                                          ZwCreateSymbolicLinkObject
SSDT            F7BD078C                                                                          ZwCreateThread
SSDT            F7BD079B                                                                          ZwDeleteKey
SSDT            F7BD07A5                                                                          ZwDeleteValueKey
SSDT            F7BD07D7                                                                          ZwDuplicateObject
SSDT            F7BD07C3                                                                          ZwLoadDriver
SSDT            F7BD07AA                                                                          ZwLoadKey
SSDT            F7BD0778                                                                          ZwOpenProcess
SSDT            F7BD07B9                                                                          ZwOpenSection
SSDT            F7BD077D                                                                          ZwOpenThread
SSDT            F7BD07FF                                                                          ZwQueryValueKey
SSDT            F7BD07B4                                                                          ZwReplaceKey
SSDT            F7BD07F0                                                                          ZwRequestWaitReplyPort
SSDT            F7BD07AF                                                                          ZwRestoreKey
SSDT            F7BD07EB                                                                          ZwSetContextThread
SSDT            F7BD07F5                                                                          ZwSetSecurityObject
SSDT            F7BD07C8                                                                          ZwSetSystemInformation
SSDT            F7BD07A0                                                                          ZwSetValueKey
SSDT            F7BD07FA                                                                          ZwSystemDebugControl
SSDT            F7BD0787                                                                          ZwTerminateProcess
SSDT            F7BD0782                                                                          ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                          section is writeable [0xF652B000, 0x235F87, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox\firefox.exe[2480] ntdll.dll!LdrLoadDll               7C92632D 5 Bytes  JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[2480] kernel32.dll!VirtualAlloc          7C809AF1 5 Bytes  JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[2480] kernel32.dll!MapViewOfFile         7C80B9A5 5 Bytes  JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[2480] GDI32.dll!CreateDIBSection         77EF9E19 5 Bytes  JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                            symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                            symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                            symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
---- Processes - GMER 1.0.15 ----

Library         c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1156]  0x45670000                                                                                
Library         c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1804]          0x45670000                                                                                

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Anti-Malware
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.27.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: BUERO-1 [Administrator]

Schutz: Aktiviert

27.06.2012 10:14:19
mbam-log-2012-06-27 (11-32-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344172
Laufzeit: 1 Stunde(n), 16 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.

(Ende)
         
In der Posting Anleitung stand ich solle die "dds.txt" und "attach.txt" nach den Scans posten, die wurden aber weder von OTL noch von GMER erstellt. Ich habe noch ein Log von Avira und die Extras.txt von OTL, wenn das noch weiterhilft.

Log vom TDSSKiller:

Code:
ATTFilter
09:12:35.0265 4048	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
09:12:35.0343 4048	============================================================
09:12:35.0343 4048	Current date / time: 2012/06/28 09:12:35.0343
09:12:35.0343 4048	SystemInfo:
09:12:35.0343 4048	
09:12:35.0343 4048	OS Version: 5.1.2600 ServicePack: 3.0
09:12:35.0343 4048	Product type: Workstation
09:12:35.0343 4048	ComputerName: BUERO-1
09:12:35.0343 4048	UserName: admin
09:12:35.0343 4048	Windows directory: C:\WINDOWS
09:12:35.0343 4048	System windows directory: C:\WINDOWS
09:12:35.0343 4048	Processor architecture: Intel x86
09:12:35.0343 4048	Number of processors: 2
09:12:35.0343 4048	Page size: 0x1000
09:12:35.0343 4048	Boot type: Normal boot
09:12:35.0343 4048	============================================================
09:12:37.0062 4048	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:12:37.0109 4048	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:12:37.0187 4048	============================================================
09:12:37.0187 4048	\Device\Harddisk0\DR0:
09:12:37.0187 4048	MBR partitions:
09:12:37.0187 4048	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
09:12:37.0187 4048	\Device\Harddisk1\DR1:
09:12:37.0187 4048	MBR partitions:
09:12:37.0187 4048	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
09:12:37.0187 4048	============================================================
09:12:37.0234 4048	C: <-> \Device\Harddisk0\DR0\Partition0
09:12:37.0234 4048	D: <-> \Device\Harddisk1\DR1\Partition0
09:12:37.0234 4048	============================================================
09:12:37.0234 4048	Initialize success
09:12:37.0234 4048	============================================================
09:12:44.0484 3136	============================================================
09:12:44.0484 3136	Scan started
09:12:44.0484 3136	Mode: Manual; SigCheck; TDLFS; 
09:12:44.0484 3136	============================================================
09:12:44.0812 3136	Abiosdsk - ok
09:12:44.0812 3136	abp480n5 - ok
09:12:44.0843 3136	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:12:44.0984 3136	ACPI - ok
09:12:45.0015 3136	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:12:45.0093 3136	ACPIEC - ok
09:12:45.0156 3136	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:12:45.0156 3136	AdobeFlashPlayerUpdateSvc - ok
09:12:45.0171 3136	adpu160m - ok
09:12:45.0187 3136	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:12:45.0250 3136	aec - ok
09:12:45.0265 3136	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:12:45.0296 3136	AFD - ok
09:12:45.0296 3136	Aha154x - ok
09:12:45.0296 3136	aic78u2 - ok
09:12:45.0296 3136	aic78xx - ok
09:12:45.0343 3136	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
09:12:45.0406 3136	Alerter - ok
09:12:45.0421 3136	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
09:12:45.0453 3136	ALG - ok
09:12:45.0453 3136	AliIde - ok
09:12:45.0515 3136	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
09:12:45.0906 3136	Ambfilt - ok
09:12:45.0937 3136	AmdK8 - ok
09:12:45.0953 3136	amsint - ok
09:12:46.0046 3136	AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
09:12:46.0062 3136	AntiVirMailService - ok
09:12:46.0078 3136	AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Programme\Avira\AntiVir Desktop\sched.exe
09:12:46.0093 3136	AntiVirSchedulerService - ok
09:12:46.0109 3136	AntiVirService  (845c4e7ae211edad5e0b832126f56932) C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:12:46.0109 3136	AntiVirService - ok
09:12:46.0156 3136	AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:12:46.0156 3136	AntiVirWebService - ok
09:12:46.0187 3136	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
09:12:46.0234 3136	AppMgmt - ok
09:12:46.0234 3136	asc - ok
09:12:46.0234 3136	asc3350p - ok
09:12:46.0250 3136	asc3550 - ok
09:12:46.0312 3136	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:12:46.0312 3136	aspnet_state - ok
09:12:46.0343 3136	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:12:46.0390 3136	AsyncMac - ok
09:12:46.0406 3136	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:12:46.0484 3136	atapi - ok
09:12:46.0484 3136	Atdisk - ok
09:12:46.0515 3136	Ati HotKey Poller (43c1105ca8492931b45f1a090fa562c8) C:\WINDOWS\system32\Ati2evxx.exe
09:12:46.0531 3136	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0531 3136	Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
09:12:46.0687 3136	ati2mtag        (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:12:46.0796 3136	ati2mtag ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0796 3136	ati2mtag - detected UnsignedFile.Multi.Generic (1)
09:12:46.0921 3136	AtiHdmiService  (b9bc23b57765c167806a1feb7a3d16a6) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:12:46.0921 3136	AtiHdmiService - ok
09:12:46.0937 3136	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:12:47.0000 3136	Atmarpc - ok
09:12:47.0015 3136	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
09:12:47.0078 3136	AudioSrv - ok
09:12:47.0109 3136	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:12:47.0156 3136	audstub - ok
09:12:47.0171 3136	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:12:47.0187 3136	avgntflt - ok
09:12:47.0203 3136	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:12:47.0203 3136	avipbb - ok
09:12:47.0218 3136	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:12:47.0218 3136	avkmgr - ok
09:12:47.0234 3136	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:12:47.0281 3136	Beep - ok
09:12:47.0328 3136	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
09:12:47.0390 3136	BITS - ok
09:12:47.0406 3136	brfilt          (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
09:12:47.0468 3136	brfilt - ok
09:12:47.0484 3136	Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe
09:12:47.0484 3136	Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
09:12:47.0484 3136	Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
09:12:47.0500 3136	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
09:12:47.0562 3136	Browser - ok
09:12:47.0593 3136	brparimg        (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys
09:12:47.0640 3136	brparimg - ok
09:12:47.0687 3136	BrParWdm        (19ec96ac43413d39fdac0449b5879339) C:\WINDOWS\system32\Drivers\BrParwdm.sys
09:12:47.0718 3136	BrParWdm - ok
09:12:47.0734 3136	BrSerWDM        (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
09:12:47.0796 3136	BrSerWDM - ok
09:12:47.0812 3136	BrUsbMdm        (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
09:12:47.0859 3136	BrUsbMdm - ok
09:12:47.0875 3136	BrUsbScn        (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
09:12:47.0921 3136	BrUsbScn - ok
09:12:47.0968 3136	Cardex          (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
09:12:47.0984 3136	Cardex - ok
09:12:48.0000 3136	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:12:48.0046 3136	cbidf2k - ok
09:12:48.0062 3136	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:12:48.0125 3136	CCDECODE - ok
09:12:48.0140 3136	cd20xrnt - ok
09:12:48.0140 3136	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:12:48.0203 3136	Cdaudio - ok
09:12:48.0203 3136	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:12:48.0265 3136	Cdfs - ok
09:12:48.0281 3136	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:12:48.0343 3136	Cdrom - ok
09:12:48.0343 3136	Changer - ok
09:12:48.0359 3136	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
09:12:48.0421 3136	CiSvc - ok
09:12:48.0437 3136	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
09:12:48.0484 3136	ClipSrv - ok
09:12:48.0562 3136	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:12:48.0578 3136	clr_optimization_v2.0.50727_32 - ok
09:12:48.0578 3136	CmdIde - ok
09:12:48.0578 3136	COMSysApp - ok
09:12:48.0593 3136	Cpqarray - ok
09:12:48.0609 3136	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
09:12:48.0656 3136	CryptSvc - ok
09:12:48.0671 3136	dac2w2k - ok
09:12:48.0671 3136	dac960nt - ok
09:12:48.0703 3136	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:12:48.0734 3136	DcomLaunch - ok
09:12:48.0734 3136	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
09:12:48.0750 3136	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
09:12:48.0750 3136	DgiVecp - detected UnsignedFile.Multi.Generic (1)
09:12:48.0765 3136	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
09:12:48.0828 3136	Dhcp - ok
09:12:48.0828 3136	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:12:48.0890 3136	Disk - ok
09:12:48.0890 3136	dmadmin - ok
09:12:48.0921 3136	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
09:12:49.0000 3136	dmboot - ok
09:12:49.0015 3136	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
09:12:49.0062 3136	dmio - ok
09:12:49.0062 3136	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:12:49.0125 3136	dmload - ok
09:12:49.0125 3136	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
09:12:49.0187 3136	dmserver - ok
09:12:49.0218 3136	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:12:49.0265 3136	DMusic - ok
09:12:49.0281 3136	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
09:12:49.0312 3136	Dnscache - ok
09:12:49.0343 3136	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
09:12:49.0406 3136	Dot3svc - ok
09:12:49.0421 3136	dpti2o - ok
09:12:49.0421 3136	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:12:49.0468 3136	drmkaud - ok
09:12:49.0484 3136	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
09:12:49.0546 3136	EapHost - ok
09:12:49.0546 3136	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
09:12:49.0593 3136	ERSvc - ok
09:12:49.0625 3136	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:12:49.0625 3136	Eventlog - ok
09:12:49.0656 3136	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
09:12:49.0671 3136	EventSystem - ok
09:12:49.0703 3136	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:12:49.0750 3136	Fastfat - ok
09:12:49.0781 3136	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:12:49.0812 3136	FastUserSwitchingCompatibility - ok
09:12:49.0828 3136	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:12:49.0890 3136	Fdc - ok
09:12:49.0906 3136	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
09:12:49.0968 3136	Fips - ok
09:12:50.0093 3136	FLASHSYS        (d3d9311624edd435f42cda7eaa0a6aed) C:\Programme\MSI\Live Update 4\LU4\FLASHSYS.sys
09:12:50.0093 3136	FLASHSYS ( UnsignedFile.Multi.Generic ) - warning
09:12:50.0093 3136	FLASHSYS - detected UnsignedFile.Multi.Generic (1)
09:12:50.0109 3136	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:12:50.0171 3136	Flpydisk - ok
09:12:50.0218 3136	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:12:50.0265 3136	FltMgr - ok
09:12:50.0375 3136	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:12:50.0375 3136	FontCache3.0.0.0 - ok
09:12:50.0406 3136	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:12:50.0468 3136	Fs_Rec - ok
09:12:50.0468 3136	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:12:50.0531 3136	Ftdisk - ok
09:12:50.0546 3136	gdrv            (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
09:12:50.0562 3136	gdrv - ok
09:12:50.0578 3136	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:12:50.0578 3136	GEARAspiWDM - ok
09:12:50.0593 3136	GenericMount    (69f8f310654d699c7e5bd5c67279980f) C:\WINDOWS\system32\DRIVERS\GenericMount.sys
09:12:50.0609 3136	GenericMount - ok
09:12:50.0687 3136	GenericMount Helper Service (5f0f786d91087c0a76c3ef689a51ca48) C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
09:12:50.0718 3136	GenericMount Helper Service - ok
09:12:50.0734 3136	GMSIPCI - ok
09:12:50.0796 3136	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:12:50.0875 3136	Gpc - ok
09:12:50.0953 3136	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
09:12:50.0968 3136	gupdate - ok
09:12:50.0968 3136	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
09:12:50.0968 3136	gupdatem - ok
09:12:50.0984 3136	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:12:51.0062 3136	HDAudBus - ok
09:12:51.0109 3136	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:12:51.0171 3136	helpsvc - ok
09:12:51.0187 3136	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
09:12:51.0250 3136	HidServ - ok
09:12:51.0265 3136	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:12:51.0328 3136	hidusb - ok
09:12:51.0343 3136	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
09:12:51.0406 3136	hkmsvc - ok
09:12:51.0406 3136	hpn - ok
09:12:51.0437 3136	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:12:51.0468 3136	HTTP - ok
09:12:51.0484 3136	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
09:12:51.0546 3136	HTTPFilter - ok
09:12:51.0546 3136	i2omgmt - ok
09:12:51.0562 3136	i2omp - ok
09:12:51.0562 3136	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:12:51.0625 3136	i8042prt - ok
09:12:51.0781 3136	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:12:51.0796 3136	idsvc - ok
09:12:51.0812 3136	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:12:51.0859 3136	Imapi - ok
09:12:51.0890 3136	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
09:12:51.0953 3136	ImapiService - ok
09:12:51.0953 3136	ini910u - ok
09:12:52.0125 3136	IntcAzAudAddService (1f46c4aee30e8a2ec20011f2e64d367e) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:12:52.0250 3136	IntcAzAudAddService - ok
09:12:52.0328 3136	IntelIde - ok
09:12:52.0328 3136	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:12:52.0390 3136	intelppm - ok
09:12:52.0406 3136	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:12:52.0468 3136	Ip6Fw - ok
09:12:52.0484 3136	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:12:52.0531 3136	IpFilterDriver - ok
09:12:52.0531 3136	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:12:52.0593 3136	IpInIp - ok
09:12:52.0609 3136	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:12:52.0671 3136	IpNat - ok
09:12:52.0671 3136	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:12:52.0734 3136	IPSec - ok
09:12:52.0750 3136	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:12:52.0781 3136	IRENUM - ok
09:12:52.0796 3136	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:12:52.0859 3136	isapnp - ok
09:12:52.0921 3136	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
09:12:52.0937 3136	JavaQuickStarterService - ok
09:12:52.0953 3136	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:12:53.0015 3136	Kbdclass - ok
09:12:53.0015 3136	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:12:53.0078 3136	kbdhid - ok
09:12:53.0109 3136	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:12:53.0171 3136	kmixer - ok
09:12:53.0187 3136	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:12:53.0218 3136	KSecDD - ok
09:12:53.0234 3136	L1c             (573337205057e22e13da1ffbc66a8aaf) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
09:12:53.0250 3136	L1c - ok
09:12:53.0281 3136	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
09:12:53.0312 3136	LanmanServer - ok
09:12:53.0359 3136	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
09:12:53.0375 3136	lanmanworkstation - ok
09:12:53.0375 3136	lbrtfdc - ok
09:12:53.0546 3136	LiveUpdate      (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:12:53.0625 3136	LiveUpdate - ok
09:12:53.0750 3136	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
09:12:53.0796 3136	LmHosts - ok
09:12:53.0859 3136	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
09:12:53.0859 3136	MBAMProtector - ok
09:12:53.0953 3136	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
09:12:53.0968 3136	MBAMService - ok
09:12:54.0015 3136	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
09:12:54.0031 3136	MDM - ok
09:12:54.0046 3136	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
09:12:54.0109 3136	Messenger - ok
09:12:54.0140 3136	mf              (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
09:12:54.0203 3136	mf - ok
09:12:54.0234 3136	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:12:54.0281 3136	mnmdd - ok
09:12:54.0328 3136	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
09:12:54.0390 3136	mnmsrvc - ok
09:12:54.0421 3136	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
09:12:54.0468 3136	Modem - ok
09:12:54.0531 3136	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
09:12:54.0562 3136	Monfilt - ok
09:12:54.0578 3136	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:12:54.0640 3136	Mouclass - ok
09:12:54.0640 3136	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:12:54.0703 3136	mouhid - ok
09:12:54.0718 3136	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:12:54.0781 3136	MountMgr - ok
09:12:54.0812 3136	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:12:54.0812 3136	MozillaMaintenance - ok
09:12:54.0828 3136	mraid35x - ok
09:12:54.0843 3136	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:12:54.0890 3136	MRxDAV - ok
09:12:54.0937 3136	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:12:54.0968 3136	MRxSmb - ok
09:12:55.0000 3136	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
09:12:55.0062 3136	MSDTC - ok
09:12:55.0062 3136	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:12:55.0125 3136	Msfs - ok
09:12:55.0125 3136	MSIServer - ok
09:12:55.0156 3136	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:12:55.0218 3136	MSKSSRV - ok
09:12:55.0234 3136	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:12:55.0281 3136	MSPCLOCK - ok
09:12:55.0296 3136	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:12:55.0343 3136	MSPQM - ok
09:12:55.0343 3136	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:12:55.0406 3136	mssmbios - ok
09:12:55.0437 3136	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:12:55.0484 3136	MSTEE - ok
09:12:55.0500 3136	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:12:55.0531 3136	MTsensor - ok
09:12:55.0562 3136	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:12:55.0593 3136	Mup - ok
09:12:55.0625 3136	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:12:55.0671 3136	NABTSFEC - ok
09:12:55.0687 3136	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
09:12:55.0750 3136	napagent - ok
09:12:55.0765 3136	NasPmService - ok
09:12:55.0781 3136	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:12:55.0843 3136	NDIS - ok
09:12:55.0859 3136	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:12:55.0906 3136	NdisIP - ok
09:12:55.0984 3136	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:12:56.0000 3136	NdisTapi - ok
09:12:56.0015 3136	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:12:56.0078 3136	Ndisuio - ok
09:12:56.0093 3136	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:12:56.0140 3136	NdisWan - ok
09:12:56.0187 3136	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:12:56.0203 3136	NDProxy - ok
09:12:56.0218 3136	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:12:56.0265 3136	NetBIOS - ok
09:12:56.0281 3136	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:12:56.0343 3136	NetBT - ok
09:12:56.0359 3136	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:12:56.0406 3136	NetDDE - ok
09:12:56.0406 3136	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:12:56.0468 3136	NetDDEdsdm - ok
09:12:56.0484 3136	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:56.0531 3136	Netlogon - ok
09:12:56.0546 3136	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
09:12:56.0609 3136	Netman - ok
09:12:56.0734 3136	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:12:56.0734 3136	NetTcpPortSharing - ok
09:12:56.0765 3136	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
09:12:56.0781 3136	Nla - ok
09:12:56.0937 3136	Norton Ghost    (a1787754952a0b700e386dc7c5fa5726) C:\Programme\Norton Ghost\Agent\VProSvc.exe
09:12:57.0031 3136	Norton Ghost - ok
09:12:57.0140 3136	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:12:57.0203 3136	Npfs - ok
09:12:57.0203 3136	NTACCESS - ok
09:12:57.0234 3136	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:12:57.0296 3136	Ntfs - ok
09:12:57.0312 3136	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:57.0359 3136	NtLmSsp - ok
09:12:57.0406 3136	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
09:12:57.0453 3136	NtmsSvc - ok
09:12:57.0468 3136	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:12:57.0531 3136	Null - ok
09:12:57.0546 3136	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:12:57.0609 3136	NwlnkFlt - ok
09:12:57.0609 3136	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:12:57.0656 3136	NwlnkFwd - ok
09:12:57.0781 3136	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
09:12:57.0796 3136	odserv - ok
09:12:57.0812 3136	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
09:12:57.0828 3136	ose - ok
09:12:57.0953 3136	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:12:58.0062 3136	osppsvc - ok
09:12:58.0171 3136	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
09:12:58.0234 3136	Parport - ok
09:12:58.0250 3136	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:12:58.0312 3136	PartMgr - ok
09:12:58.0328 3136	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
09:12:58.0390 3136	ParVdm - ok
09:12:58.0406 3136	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
09:12:58.0468 3136	PCI - ok
09:12:58.0468 3136	PCIDump - ok
09:12:58.0468 3136	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:12:58.0531 3136	PCIIde - ok
09:12:58.0546 3136	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:12:58.0609 3136	Pcmcia - ok
09:12:58.0609 3136	PDCOMP - ok
09:12:58.0609 3136	PDFRAME - ok
09:12:58.0609 3136	PDRELI - ok
09:12:58.0625 3136	PDRFRAME - ok
09:12:58.0625 3136	perc2 - ok
09:12:58.0625 3136	perc2hib - ok
09:12:58.0671 3136	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:12:58.0671 3136	PlugPlay - ok
09:12:58.0671 3136	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:58.0734 3136	PolicyAgent - ok
09:12:58.0750 3136	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:12:58.0796 3136	PptpMiniport - ok
09:12:58.0828 3136	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
09:12:58.0890 3136	Processor - ok
09:12:58.0890 3136	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:12:58.0937 3136	ProtectedStorage - ok
09:12:58.0953 3136	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:12:59.0015 3136	PSched - ok
09:12:59.0031 3136	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:12:59.0078 3136	Ptilink - ok
09:12:59.0093 3136	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:12:59.0093 3136	PxHelp20 - ok
09:12:59.0109 3136	ql1080 - ok
09:12:59.0109 3136	Ql10wnt - ok
09:12:59.0109 3136	ql12160 - ok
09:12:59.0109 3136	ql1240 - ok
09:12:59.0125 3136	ql1280 - ok
09:12:59.0140 3136	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:12:59.0187 3136	RasAcd - ok
09:12:59.0203 3136	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
09:12:59.0265 3136	RasAuto - ok
09:12:59.0265 3136	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:12:59.0328 3136	Rasl2tp - ok
09:12:59.0343 3136	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
09:12:59.0390 3136	RasMan - ok
09:12:59.0406 3136	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:12:59.0453 3136	RasPppoe - ok
09:12:59.0453 3136	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:12:59.0515 3136	Raspti - ok
09:12:59.0531 3136	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:12:59.0578 3136	Rdbss - ok
09:12:59.0578 3136	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:12:59.0640 3136	RDPCDD - ok
09:12:59.0671 3136	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:12:59.0718 3136	rdpdr - ok
09:12:59.0750 3136	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:12:59.0781 3136	RDPWD - ok
09:12:59.0796 3136	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
09:12:59.0843 3136	RDSessMgr - ok
09:12:59.0859 3136	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:12:59.0906 3136	redbook - ok
09:12:59.0937 3136	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
09:12:59.0984 3136	RemoteAccess - ok
09:13:00.0000 3136	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
09:13:00.0062 3136	RemoteRegistry - ok
09:13:00.0062 3136	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
09:13:00.0125 3136	RpcLocator - ok
09:13:00.0156 3136	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:13:00.0171 3136	RpcSs - ok
09:13:00.0187 3136	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
09:13:00.0234 3136	RSVP - ok
09:13:00.0265 3136	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:13:00.0312 3136	SamSs - ok
09:13:00.0328 3136	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
09:13:00.0390 3136	SCardSvr - ok
09:13:00.0406 3136	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
09:13:00.0453 3136	Schedule - ok
09:13:00.0468 3136	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:13:00.0500 3136	Secdrv - ok
09:13:00.0500 3136	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
09:13:00.0562 3136	seclogon - ok
09:13:00.0562 3136	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
09:13:00.0625 3136	SENS - ok
09:13:00.0625 3136	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:13:00.0671 3136	serenum - ok
09:13:00.0687 3136	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
09:13:00.0734 3136	Serial - ok
09:13:00.0750 3136	SetupNTGLM7X - ok
09:13:00.0750 3136	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:13:00.0812 3136	Sfloppy - ok
09:13:00.0843 3136	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:13:00.0843 3136	ShellHWDetection - ok
09:13:00.0843 3136	Simbad - ok
09:13:00.0875 3136	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:13:00.0921 3136	SLIP - ok
09:13:00.0937 3136	Sparrow - ok
09:13:00.0968 3136	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:13:01.0015 3136	splitter - ok
09:13:01.0031 3136	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:13:01.0062 3136	Spooler - ok
09:13:01.0078 3136	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
09:13:01.0109 3136	sr - ok
09:13:01.0125 3136	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
09:13:01.0156 3136	srservice - ok
09:13:01.0171 3136	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:13:01.0203 3136	Srv - ok
09:13:01.0265 3136	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
09:13:01.0296 3136	SSDPSRV - ok
09:13:01.0312 3136	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:13:01.0312 3136	ssmdrv - ok
09:13:01.0312 3136	SSPORT - ok
09:13:01.0343 3136	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
09:13:01.0390 3136	stisvc - ok
09:13:01.0421 3136	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:13:01.0468 3136	streamip - ok
09:13:01.0484 3136	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:13:01.0546 3136	swenum - ok
09:13:01.0562 3136	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:13:01.0609 3136	swmidi - ok
09:13:01.0609 3136	SwPrv - ok
09:13:01.0625 3136	Symantec SymSnap VSS Provider - ok
09:13:01.0625 3136	symc810 - ok
09:13:01.0625 3136	symc8xx - ok
09:13:01.0640 3136	symsnap         (a5cf31080e99718949bcc38c83f13452) C:\WINDOWS\system32\DRIVERS\symsnap.sys
09:13:01.0656 3136	symsnap - ok
09:13:01.0765 3136	SymSnapService  (21ff886e6f679fc1eb352f231e846357) C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
09:13:01.0812 3136	SymSnapService - ok
09:13:01.0906 3136	sym_hi - ok
09:13:01.0906 3136	sym_u3 - ok
09:13:01.0937 3136	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:13:01.0984 3136	sysaudio - ok
09:13:02.0000 3136	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
09:13:02.0062 3136	SysmonLog - ok
09:13:02.0078 3136	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
09:13:02.0140 3136	TapiSrv - ok
09:13:02.0171 3136	TBPanel         (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
09:13:02.0171 3136	TBPanel - ok
09:13:02.0218 3136	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:13:02.0234 3136	Tcpip - ok
09:13:02.0250 3136	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:13:02.0296 3136	TDPIPE - ok
09:13:02.0328 3136	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:13:02.0375 3136	TDTCP - ok
09:13:02.0390 3136	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:13:02.0437 3136	TermDD - ok
09:13:02.0468 3136	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
09:13:02.0531 3136	TermService - ok
09:13:02.0562 3136	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:13:02.0562 3136	Themes - ok
09:13:02.0593 3136	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
09:13:02.0625 3136	TlntSvr - ok
09:13:02.0687 3136	TomTomHOMEService (747e60b773e95f6c93d5621b550d6865) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
09:13:02.0703 3136	TomTomHOMEService - ok
09:13:02.0703 3136	TosIde - ok
09:13:02.0718 3136	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
09:13:02.0765 3136	TrkWks - ok
09:13:02.0796 3136	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:13:02.0859 3136	Udfs - ok
09:13:02.0859 3136	ultra - ok
09:13:02.0890 3136	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
09:13:02.0921 3136	UMWdf - ok
09:13:02.0953 3136	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:13:03.0015 3136	Update - ok
09:13:03.0046 3136	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
09:13:03.0078 3136	upnphost - ok
09:13:03.0093 3136	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
09:13:03.0140 3136	UPS - ok
09:13:03.0187 3136	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:13:03.0234 3136	usbccgp - ok
09:13:03.0265 3136	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:13:03.0312 3136	usbehci - ok
09:13:03.0328 3136	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:13:03.0390 3136	usbhub - ok
09:13:03.0406 3136	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:13:03.0468 3136	usbohci - ok
09:13:03.0484 3136	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:13:03.0531 3136	usbprint - ok
09:13:03.0562 3136	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:13:03.0625 3136	usbscan - ok
09:13:03.0640 3136	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:13:03.0703 3136	USBSTOR - ok
09:13:03.0703 3136	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:13:03.0750 3136	usbuhci - ok
09:13:03.0765 3136	v2imount        (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
09:13:03.0781 3136	v2imount - ok
09:13:03.0796 3136	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:13:03.0859 3136	VgaSave - ok
09:13:03.0859 3136	ViaIde - ok
09:13:03.0890 3136	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
09:13:03.0937 3136	VolSnap - ok
09:13:03.0968 3136	VProEventMonitor (ef3506b04eb9124240b35148eaacbaa5) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
09:13:03.0984 3136	VProEventMonitor - ok
09:13:04.0000 3136	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
09:13:04.0031 3136	VSS - ok
09:13:04.0046 3136	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
09:13:04.0093 3136	W32Time - ok
09:13:04.0109 3136	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:13:04.0156 3136	Wanarp - ok
09:13:04.0187 3136	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:13:04.0187 3136	Wdf01000 - ok
09:13:04.0203 3136	WDICA - ok
09:13:04.0234 3136	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:13:04.0281 3136	wdmaud - ok
09:13:04.0312 3136	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
09:13:04.0359 3136	WebClient - ok
09:13:04.0390 3136	WimFltr         (090a2b8f055343815556a01f725f6c35) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
09:13:04.0390 3136	WimFltr - ok
09:13:04.0453 3136	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:13:04.0515 3136	winmgmt - ok
09:13:04.0546 3136	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
09:13:04.0578 3136	WmdmPmSN - ok
09:13:04.0625 3136	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
09:13:04.0640 3136	Wmi - ok
09:13:04.0671 3136	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:13:04.0734 3136	WmiApSrv - ok
09:13:04.0750 3136	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:13:04.0796 3136	WS2IFSL - ok
09:13:04.0828 3136	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:13:04.0875 3136	WSTCODEC - ok
09:13:04.0890 3136	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
09:13:04.0953 3136	wuauserv - ok
09:13:05.0000 3136	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
09:13:05.0062 3136	WZCSVC - ok
09:13:05.0078 3136	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
09:13:05.0140 3136	xmlprov - ok
09:13:05.0156 3136	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
09:13:05.0484 3136	\Device\Harddisk0\DR0 - ok
09:13:05.0500 3136	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
09:13:05.0593 3136	\Device\Harddisk1\DR1 - ok
09:13:05.0593 3136	Boot (0x1200)   (868e012d973accae0d1592423c8d42ba) \Device\Harddisk0\DR0\Partition0
09:13:05.0593 3136	\Device\Harddisk0\DR0\Partition0 - ok
09:13:05.0593 3136	Boot (0x1200)   (7c30346982fc42fe47caf34a0f71cfd0) \Device\Harddisk1\DR1\Partition0
09:13:05.0593 3136	\Device\Harddisk1\DR1\Partition0 - ok
09:13:05.0593 3136	============================================================
09:13:05.0593 3136	Scan finished
09:13:05.0593 3136	============================================================
09:13:05.0703 1036	Detected object count: 5
09:13:05.0703 1036	Actual detected object count: 5
09:13:25.0250 1036	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0250 1036	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:13:25.0265 1036	ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036	ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:13:25.0265 1036	Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036	Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:13:25.0265 1036	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:13:25.0265 1036	FLASHSYS ( UnsignedFile.Multi.Generic ) - skipped by user
09:13:25.0265 1036	FLASHSYS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Geändert von juzi74 (28.06.2012 um 08:15 Uhr)

Alt 28.06.2012, 09:12   #2
Chris4You
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Hi,

für Firmenrechner machen wir hier eigentlich nichts, das ist der Sysadmin zuständig...
Ist doch ein Firmenrechner oder? ;o)

chris
__________________

__________________

Alt 28.06.2012, 09:19   #3
juzi74
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Das ist ein Büro Rechner eines gemeinnützigen Vereins, Träger eines Jugendzentrums... Einen SysAdmin gibts hier leider nicht, das wäre zu schön
__________________

Alt 28.06.2012, 09:45   #4
Chris4You
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Hi,

MAM alles bereinigen lassen und ein neues OTL-Log erstellen&posten...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 28.06.2012, 10:24   #5
juzi74
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Vielen Dank schonmal im voraus für die Hilfe...

Folgendes habe ich gemacht, einige Merkwürdigkeiten liefen dabei ab:

1. Quick Scan mit MAM gestartet --> 5 infizierte Objekte
2. Entferne Auswahl geklickt
3. MAM fordert Neustart

4. Nach dem Neustart meldet MAM erneut Fund von Trojan Sirefef und Rootkit.0ACCESS. Habe auf Quarnatäne geklickt. Avira meldet ebenfalls 2 Funde.

4. MAM + AVIRA deaktivert und OTL Quick Scan gestartet. Während des Scans meldet MAM zweimal beim Systray: "Zugang zu einer potenziell gefährlichen Webseite gestoppt" 89.28.19.174 und 109.236.84.71

5. Nach dem Scan AVIRA und MAM wieder aktiviert, Firefox gestartet.

6. Beim Schreiben dieses Textes öffnet sich ein Fenster "Datenausführungsverhinderung: Editor wird aus Sicherheitgründen geschlossen" (Die Log Datei war im Hintergrund noch geöffnet.)

Hier das LOG des letzten OTL Scans:

Code:
ATTFilter
OTL logfile created on: 28.06.2012 11:07:34 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,44% Memory free
5,34 Gb Paging File | 4,52 Gb Available in Paging File | 84,69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 931,50 Gb Total Space | 899,11 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive D: | 931,50 Gb Total Space | 651,39 Gb Free Space | 69,93% Space Free | Partition Type: NTFS
 
Computer Name: BUERO-1 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 16:03:03 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 16:03:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 16:03:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011.10.27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.03.03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009.05.15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassche.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001.08.18 04:54:46 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 08:56:45 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:15:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:14:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 13:31:18 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.14 16:03:04 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.05.11 12:49:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 12:49:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.10 14:43:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.10 14:42:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 14:42:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.04 16:05:46 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.03.14 18:18:51 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3748.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard\2.0.3748.36964__90ba9c70f846762e\CLI.Aspect.TutorialInfoCentre.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:50 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:49 | 000,655,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,856,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.03.14 18:18:48 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3748.36838__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.14 18:18:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.03.14 18:18:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.03.14 18:18:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.03.14 18:18:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.03.14 18:18:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.03.14 18:18:46 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.03.14 18:18:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.03.14 18:18:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.03.14 18:18:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011.03.14 18:18:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.03.14 18:18:45 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.03.14 18:18:45 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.03.14 18:18:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.03.14 18:18:44 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.03.14 18:18:43 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.03.14 18:18:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.03.14 18:18:43 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.03.14 18:18:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.03.14 18:18:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.03.14 18:18:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.03.14 18:18:43 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.03.14 18:18:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.03.14 18:18:42 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.03.14 18:18:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.03.14 18:18:42 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.03.14 18:18:42 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.03.14 18:18:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.03.14 18:18:42 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.03.14 18:18:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2011.03.14 18:18:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.03.14 18:18:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.03.14 18:18:41 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.03.14 18:18:41 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.01.08 15:15:34 | 001,552,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.05.26 20:15:36 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.26 20:15:35 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.02.11 02:17:30 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007.06.03 09:46:31 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl66cl3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.25 13:46:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.22 12:26:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.14 16:03:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 16:03:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 16:03:03 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 16:03:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010.02.12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012.05.14 16:03:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 16:03:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 16:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.20 10:44:24 | 006,026,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.08 10:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2009.09.04 07:46:08 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.05.27 13:24:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 08:03:54 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008.01.19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007.12.14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006.11.24 04:34:54 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.18 05:21:04 | 000,039,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm) Brother WDM-Treiber (parallel)
DRV - [2001.08.17 14:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001.08.17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn) Brother MFC-Scannertreiber (USB)
DRV - [2001.08.17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://groupware.vfs-langenhagen.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 12:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 15:39:36 | 000,000,000 | ---D | M]
 
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions
[2010.12.02 11:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.05.02 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions
[2010.07.02 14:23:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.08 14:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Sunbird\Profiles\6iyd0i52.default\extensions
[2012.05.04 14:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.14 14:17:48 | 000,709,293 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\YX8GN338.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.22 12:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.11 13:12:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.22 12:26:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 12:26:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.22 12:26:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 12:26:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 12:26:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 12:26:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.31 23:23:36 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2009 Zahlungserinnerung.lnk = C:\Programme\Quicken\2009\billmind.exe (Lexware GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 80
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.05.19 18:28:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell - "" = AutoRun
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{112181fa-a3a1-11df-9df5-00241d126e9d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 10:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.06.28 09:07:11 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\admin\Desktop\TDSSKiller.exe
[2012.06.27 11:41:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 10:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes
[2012.06.27 10:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.27 10:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.27 09:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.04 13:03:02 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.05.31 10:29:28 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 11:12:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 11:03:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.28 11:03:21 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.28 11:03:18 | 000,002,644 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012.06.28 11:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.28 11:02:39 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012.06.28 10:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.27 11:40:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 11:19:52 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe
[2012.06.27 11:19:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.06.27 10:13:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 21:19:12 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\admin\Desktop\TDSSKiller.exe
[2012.06.21 09:39:37 | 000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 08:13:18 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 13:31:31 | 000,499,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 13:31:31 | 000,475,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 13:31:31 | 000,101,642 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 13:31:31 | 000,084,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 13:28:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.04 13:03:10 | 000,001,034 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.06.04 13:02:54 | 000,001,026 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Dropbox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.28 11:08:42 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@
[2012.06.28 11:08:42 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@
[2012.06.28 11:04:26 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@
[2012.06.27 11:57:29 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe
[2012.06.27 11:40:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.06.27 10:13:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:34:08 | 000,015,022 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2012.02.15 16:17:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 18:12:44 | 000,001,040 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\advanced_ip_scanner_MAC.bin
[2011.07.08 15:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.05.12 13:43:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.04.26 17:09:48 | 000,000,019 | ---- | C] () -- C:\WINDOWS\QwTools.INI
[2011.03.14 18:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.03.14 18:17:24 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.14 18:17:24 | 000,202,234 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.14 18:17:24 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.03.14 18:17:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011.03.14 18:17:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2011.03.14 17:44:23 | 000,021,536 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.03.14 17:44:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.14 17:37:13 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.03.14 17:33:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2010.12.02 14:18:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2010.12.02 14:18:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.12.02 14:18:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2010.12.02 13:54:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2010.11.18 15:49:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010.08.20 11:45:47 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\usb001
[2010.07.27 23:16:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_9880.ini
[2010.07.27 23:16:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010.07.22 22:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2010.06.11 15:46:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.07.02 11:03:38 | 000,013,017 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.06.05 13:53:36 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.27 15:31:59 | 000,000,512 | ---- | C] () -- C:\Programme\hbedv.key
[2009.05.27 13:39:16 | 003,211,264 | ---- | C] () -- C:\Programme\Gemeinsame DateienDDBACSetup.msi
[2009.05.20 13:12:06 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
 
========== LOP Check ==========
 
[2009.05.27 13:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service
[2010.11.15 14:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Buhl Data Service GmbH
[2012.02.21 16:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DL
[2012.06.28 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox
[2012.06.13 13:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FileZilla
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\fotobuch.de AG
[2012.03.01 19:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FreeFileSync
[2011.11.22 15:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\InfoRapid KnowledgeMap
[2009.05.20 13:12:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IsolatedStorage
[2009.05.27 13:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Lexware
[2012.02.17 16:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\MediaMonkey
[2012.04.17 15:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\NASNaviator2
[2010.07.13 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Notepad++
[2009.06.11 09:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OfficeUpdate12
[2012.06.27 11:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Spotify
[2012.02.10 16:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\streamripper
[2010.12.02 11:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TomTom
[2009.05.27 13:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.03.18 11:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2009.05.27 13:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012.02.10 17:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
[2010.11.18 15:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.12.02 11:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.04.18 14:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
 
========== Purity Check ==========
 
 

< End of report >
         


Alt 28.06.2012, 10:34   #6
Chris4You
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Hi,

ComboFix (s. U.) runterladen, aber nicht starten...

Script für OTL abfahren, offline gehen, Rechner in den abgesicherten Modus (F8 beim Booten) hochfahren, dann offline CF starten..

Danach immer noch Offline ein Fullscan mit MAM.

Alle Logs sichern, danach online gehen und posten, ebenfalls ein neues OTL-Log erstellen und posten...

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2008.04.14 07:51:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@
[2012.06.28 11:08:42 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@
[2012.06.28 11:08:42 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@
[2012.06.28 11:04:26 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@
[2012.06.27 11:57:29 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

chris
__________________
--> TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität

Alt 28.06.2012, 11:09   #7
juzi74
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Ich habe OTL gestartet und den Code in die Benutzerdefinierten Scans/Fixes kopiert, dann auf FIX geklickt. Jetzt steht in der Statusbar unten bei OTL sein bald 15 Minuten "Killing processes. DO NOT INTERRUPT...". Ist das richtig, dass der Killing process so lange dauert? Avira ist derweil auch wieder aufgepoppt, kann es sein das Avira da im Wege ist?

Nun steht auch "Keine Rückmeldung" oben im OTL Fenster-Rahmen. Was tun?

Habe den PC resettet, reagierte gar nicht mehr. Neustart, Fundmeldungen MAM + Aivra, beide deaktiviert, OTL gestartet, Code reinkopiert, Fix. Und das selbe wieder. MAM pop in der Taskbar auf, kann aber nicht sehen was für eine Meldung das ist, es macht pling und alles steht. In OTL steht "Killing processes...", Task Manager lässt sich nicht öffnen.


Alt 28.06.2012, 12:27   #8
Chris4You
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Hi,

in den abgesicherten Modus booten (F8 beim booten), dann die Scanner deaktivieren und noch mal probieren...

Funzt das nicht, dann CF im abgesicherten Modus von der Leine lassen!

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 28.06.2012, 13:52   #9
juzi74
 
TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Standard

TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität



Habe im abges. Modus OTL die Files fixen lassen und Combofix ist im abgesicherten Modus durchgelaufen, hat aber vor dem Scan gemeckert, dass Avira Desktop Echzeit Scanner noch aktiv wäre. War aber definitv nicht im Systray und auch nicht als Prozess im Task Manager auszumachen.

Dann kam noch die Nachricht, dass keine Wiederherstellungskonsole vorhanden sei (runterladen ging nicht, war ja im abgesi. Modus ohne I-Net) und deswegen u.U. nicht intensiv gescannt werden könnte, habe trotzdem fortsetzen geklickt.

Logs folgen erst morgen, weil momentan der MAM Fulscan läuft und ich gleich weg muss. Bis hierhin aber schon mal besten Dank für Deine Hilfe!



Hallo, nach dem Neustart gab es keinen Alarm von Avira oder MAM.

Hier die Logs:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\WINDOWS\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ moved successfully.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ moved successfully.
C:\Dokumente und Einstellungen\admin\Desktop\yqmpbmgg.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 297403564 bytes
->Temporary Internet Files folder emptied: 139755698 bytes
->Java cache emptied: 33952315 bytes
->FireFox cache emptied: 673529797 bytes
->Flash cache emptied: 3598 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2264730 bytes
->Flash cache emptied: 405 bytes
 
User: Mitarbeiter
->Temp folder emptied: 1464403 bytes
->Temporary Internet Files folder emptied: 538488 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52130285 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6037163 bytes
 
User: Sascha
->Temp folder emptied: 6220770 bytes
->Temporary Internet Files folder emptied: 276377 bytes
->Java cache emptied: 84540735 bytes
->FireFox cache emptied: 103291946 bytes
->Flash cache emptied: 3466 bytes
 
User: Vorlagen
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 24514567 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12324617 bytes
RecycleBin emptied: 12125029 bytes
 
Total Files Cleaned = 1.385,00 mb
 
 
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_135220
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.27.04

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.18702
admin :: BUERO-1 [Administrator]

Schutz: Deaktiviert

28.06.2012 14:38:47
mbam-log-2012-06-29 (13-32-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344995
Laufzeit: 1 Stunde(n), 8 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n.vir (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_135220\C_Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
Und Combofix

Code:
ATTFilter
ComboFix 12-06-28.01 - admin 28.06.2012  14:13:42.1.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3583.3278 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{70a8dcb3-c11d-4638-7c77-abdd5848af91}\n
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
c:\dokumente und einstellungen\admin\WINDOWS
c:\windows\Installer\{70a8dcb3-c11d-4638-7c77-abdd5848af91}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))
.
.
2012-06-28 09:45 . 2012-06-28 09:45	--------	d-----w-	C:\_OTL
2012-06-28 08:58 . 2012-06-28 08:58	--------	d-----r-	c:\dokumente und einstellungen\NetworkService\Favoriten
2012-06-27 08:13 . 2012-06-27 08:13	--------	d-----w-	c:\dokumente und einstellungen\admin\Anwendungsdaten\Malwarebytes
2012-06-27 08:13 . 2012-06-27 08:13	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-06-27 08:13 . 2012-06-27 08:13	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-27 08:13 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-22 10:26 . 2012-06-22 10:26	770384	----a-w-	c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-22 10:26 . 2012-06-22 10:26	421200	----a-w-	c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-13 07:45 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-04 11:03 . 2012-06-04 11:03	--------	d-----w-	c:\programme\Dropbox
2012-05-31 08:29 . 2012-05-31 08:29	--------	d-----w-	c:\programme\Canon
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 11:46 . 2012-04-02 10:53	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-25 11:46 . 2011-05-19 06:43	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-05-19 16:27	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-05-19 16:27	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-05-19 16:27	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 12:08	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-05-19 16:27	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-05-19 16:27	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:08	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-04-14 05:52	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 12:08	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-05-19 16:27	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-05-19 16:27	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-12-03 07:43	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-12-03 07:43	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2009-12-03 07:43	18160	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 05:52	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2008-04-14 05:52	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2008-04-14 05:23	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-14 14:03 . 2012-02-09 13:57	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-14 14:03 . 2012-02-09 13:57	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-11 14:40 . 2008-04-14 05:53	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 14:40 . 2008-04-14 05:52	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2008-04-14 05:25	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 07:30	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-14 05:29	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-05-19 16:25	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-11 11:12 . 2012-04-11 11:12	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-04-11 11:12 . 2010-07-01 10:27	472808	----a-w-	c:\windows\system32\deployJava1.dll
2009-10-13 10:56 . 2009-05-27 11:39	3211264	----a-w-	c:\programme\Gemeinsame DateienDDBACSetup.msi
2012-06-22 10:26 . 2011-03-29 10:55	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\system32\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\system32\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\dokumente und einstellungen\admin\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-20 19523616]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"Norton Ghost 15.0"="c:\programme\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-11 536576]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\dokumente und einstellungen\admin\Desktop\OTL.exe" [2012-06-27 596992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\admin\Startmenü\Programme\Autostart\
BUFFALO NAS Navigator2.lnk - c:\programme\BUFFALO\NASNAVI\NasNavi.exe [2012-4-17 1927120]
Dropbox.lnk - c:\dokumente und einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
NAS Scheduler.lnk - c:\programme\BUFFALO\NASNAVI\nassche.exe [2012-4-17 206128]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken 2009 Zahlungserinnerung.lnk - c:\programme\Quicken\2009\billmind.exe [2008-5-20 98304]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 80 (0x50)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SmartUI.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SmartUI.lnk
backup=c:\windows\pss\SmartUI.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
= [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53	35736	----a-w-	c:\programme\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-08 10:09	36864	----a-w-	c:\programme\Scansoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2007-09-25 11:59	532776	----a-w-	c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-08 09:38	45108	----a-w-	c:\programme\Scansoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59	220552	----a-w-	c:\programme\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2009-02-03 15:27	2158592	----a-w-	c:\programme\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38	247144	----a-w-	c:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.02.2012 15:57 36000]
S2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [09.02.2012 15:57 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.02.2012 15:58 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [09.02.2012 15:57 465360]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [14.07.2011 13:43 136176]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.06.2012 10:13 654408]
S2 NasPmService;NAS PM Service;c:\programme\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 --> c:\programme\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [24.08.2010 11:38 92008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 12:53 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.05.2009 19:15 1691480]
S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [03.06.2009 15:32 2944]
S3 brparimg;Brother Multifunktions-parallel-Image-Treiber;c:\windows\system32\drivers\BrParImg.sys [21.01.2010 10:54 3168]
S3 BrParWdm;Brother WDM-Treiber (parallel);c:\windows\system32\drivers\BrParwdm.sys [21.01.2010 10:54 39808]
S3 BrSerWDM;Brother WDM-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [03.06.2009 15:32 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [03.06.2009 15:32 11008]
S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [03.06.2009 15:31 10368]
S3 FLASHSYS;FLASHSYS;c:\programme\MSI\Live Update 4\LU4\FlashSys.sys [14.03.2011 19:38 9216]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21.09.2009 20:25 1574408]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [21.09.2009 20:26 57840]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.07.2011 13:43 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [14.03.2011 17:35 45056]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.06.2012 10:13 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [04.05.2012 14:59 113120]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [14.04.2008 07:52 5120]
S3 SymSnapService;SymSnapService;c:\programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [21.09.2009 20:19 1964528]
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:46]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-07-14 11:43]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-07-14 11:43]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{99277728-F2C2-46E7-B3A0-2E8743EA09DC}: NameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yx8gn338.default\
FF - prefs.js: browser.startup.homepage - hxxp://groupware.vfs-langenhagen.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Convert Image To PDF_is1 - c:\programme\Softinterface
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-28 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,96,ad,1f,b4,ce,7c,42,ab,ea,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,96,ad,1f,b4,ce,7c,42,ab,ea,25,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Zeit der Fertigstellung: 2012-06-28  14:20:06
ComboFix-quarantined-files.txt  2012-06-28 12:20
.
Vor Suchlauf: 10 Verzeichnis(se), 966.987.059.200 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 967.256.748.032 Bytes frei
.
- - End Of File - - C3780768BB895C807EC4E41476937C67
         
Besten Gruß
Sascha

Antwort

Themen zu TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität
adobe, antivir, avg, avira, behandlung, bho, branding, dateisystem, document, einstellungen, excel, fehler, firefox, firefox 13.0.1, flash player, format, ftp, google earth, heuristiks/extra, heuristiks/shuriken, home, installation, lexware, logfile, mozilla, ntdll.dll, object, plug-in, realtek, registry, rootkit, scan, searchscopes, senden, sigcheck, spotify web helper, svchost.exe, symantec, tr/atraps.gen2, tr/sirefef.ag.35, tr/small.fi, trojaner, unsignedfile.multi.generic, wbemess.dll




Ähnliche Themen: TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität


  1. Avira meldet TR/ZAccess.H , TR/Sirefef.A.37 , TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  2. Trojanische Pferde: TR/Small.FI; TR/Sirefef.AG.35; TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 16.07.2012 (7)
  3. TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen
    Log-Analyse und Auswertung - 09.07.2012 (17)
  4. Trojaner-Dauerschleife: TR/ATRAPS.Gen2 ; TR/Sirefef.AG.35 ; TR/Small.FI
    Log-Analyse und Auswertung - 06.07.2012 (15)
  5. Anfangs TR/Dropper.Gen, nun permanente Meldungen zu TR/Sirefef.AG.35, TR/ATRAPS.Gen2 und TR/Small.FI
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (41)
  6. Hilfe! Trojan.Small; Trojan.Sirefef; Rootkit.0Access; Trojan.Atraps.Gen2 auf meinem Rechner.
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (11)
  7. TR/ATRAPS.Gen2 ,TR/Sirefef.AG.35,TR/Small.FI Bei xp home pc
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  8. 3 Trojaner Sirefef, ATRAPS, SMALL! Bin ratlos. gmer geht nicht.
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (17)
  9. Trojanerbefall: Sirefef.AG.35, ATRAPS.GEN2, Small.FI
    Log-Analyse und Auswertung - 21.06.2012 (11)
  10. Vier Trojaner: TR/ATRAPS.Gen2, TR/Sirefef.AG.35, TR/Small.FI, TR/Dldr.Phdet.E.36
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  11. Trojaner TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI auf meinem PC
    Plagegeister aller Art und deren Bekämpfung - 17.06.2012 (19)
  12. doppelt: Sirefef.AG.35, ATRAPS.GEN2 u. Small.FI Befall
    Mülltonne - 17.06.2012 (0)
  13. Avira meldet Trojaner: TR/Sirefef.GC.1; TR/Small.FI und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (3)
  14. Avira meldet Trojaner ATRAPS.GEN2 und Sirefef.AG.35
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (27)
  15. Antivir zeigt stänidg Fund von TR/ATRAPS.Gen2, TR/Sirefef.AG.35 und TR/Small.FI an
    Plagegeister aller Art und deren Bekämpfung - 02.06.2012 (1)
  16. AntiVir meldet TR/Rootkit.Gen2 und TR/Sirefef.BP.1 auf Win XP SP3
    Log-Analyse und Auswertung - 05.03.2012 (14)
  17. TR/Sirefef.BP.1 + TR/Rootkit.Gen2 - Antivir meldet Virus
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (13)

Zum Thema TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität - Hallo, seit Dienstag meldet sich Avira auf unserem Büro-Rechner mit den Trojaner Funden: TR/Atraps.Gen2 TR/Sirefef.AG.35 und TR/Small.FI Ein Scan mit Malewarebytes hat den Fund bestätigt. In Quarantäne verschieben funktioniert nicht. - TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität...
Archiv
Du betrachtest: TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.