| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Premium - Absturz im abgesicherten ModusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.08.2012, 09:44
| #1 |
| |  Live Security Premium - Absturz im abgesicherten Modus Hallo, auf dem Notebook meiner Freundin hat sich der Live Security Premium eingenistet. Ich wollte wie hier beschrieben mit Defogger, OLT und GMER vorgehen, doch beim Scan mit OLT ging der Rechner einfach aus. Das passierte auch beim zweiten Durchlauf mit OLT. Hab den Rechner beide Male im abgesicherten Modus mit Netzwerktreibern gestartet. Wenn ich den Rechner jetzt im abgesicherten Modus (mit und ohne Netzwerktreiber) starte, geht er nach ein paar Sekunden automatisch aus, nachdem der Desktop auf dem Bildschirm erschienen ist. Was muss/kann ich tun, um Live Security Premium wieder loszuwerden? |
|
08.08.2012, 10:15
| #2 |
  | Live Security Premium - Absturz im abgesicherten Modus Hi,
__________________lässt sich MAM installieren? Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. Rkill und dann OTL... Lade Dir RKILL auf den Desktop (http://download.bleepingcomputer.com/grinler/rkill.exe (exe) oder http://download.bleepingcomputer.com/grinler/rkill.scr (scr))
Dann OLT starten bzw. MAM... Wenn das nicht funzt: System mit OTL-PE scannen
chris
__________________ Geändert von Chris4You (08.08.2012 um 10:37 Uhr) |
|
08.08.2012, 15:17
| #3 |
| | Live Security Premium - Absturz im abgesicherten Modus Also, ich hab vor deinem Posting das System mit Windows Defender Offline von CD aus gescannt. Der Suchlauf ergab folgende Funde:
__________________Trojan: Win32/Sirefef.P Rogue: Win32/Winwebsec Beide Funde wurden vom Defender gelöscht. Danach habe ich MAM scannen lassen. Während des Scans hat AntiVir den Fund "BDS\ZAccess.V" gemeldet. Ich habe den Scan pausiert, den Fund in Quarantäne verschoben und dort dann gelöscht. Anschließend habe ich den MAM-Scan fortgesetzt. Das Log File sieht so aus: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.08.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 *** :: *** [Administrator] Schutz: Aktiviert 08.08.2012 14:12:37 mbam-log-2012-08-08 (14-12-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 283251 Laufzeit: 1 Stunde(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Rkill 2.0.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/08/2012 03:19:12 PM in x86 mode.
Windows Version: Windows XP
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/08/2012 03:19:22 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.08.2012 15:24:27 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,66% Memory free 3,85 Gb Paging File | 3,27 Gb Available in Paging File | 85,07% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 127,31 Gb Free Space | 85,42% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.08 15:22:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.05.08 18:21:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:21:32 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:21:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:21:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.10.19 16:04:00 | 000,180,224 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe ========== Modules (No Company Name) ========== MOD - [2012.06.23 13:00:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.06.23 13:00:08 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012.06.13 19:26:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.13 08:05:38 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.13 08:05:26 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.13 08:03:38 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.06.13 08:03:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.10 15:08:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.10 07:36:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 22:25:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 22:25:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.08 18:21:33 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.10.23 18:01:13 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2741.38382__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2741.38613__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2741.38339__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2741.38605__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2741.38561__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2741.38374__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2741.38359__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.10.23 18:01:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2741.38641__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2741.38570__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2741.38648__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2741.38389__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2741.38576__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2741.38352__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2741.38569__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.10.23 18:00:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2741.38388__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2011.10.23 18:00:52 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2741.38508__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2741.38591__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.10.23 18:00:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2741.38606__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2741.38411__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2741.38501__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2741.38360__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2741.38493__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.10.23 18:00:51 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2741.38404__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2700.34750__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.10.23 18:00:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2700.34713__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.10.23 18:00:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2700.34709__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2700.34708__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.10.23 18:00:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2741.38620_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2011.10.23 18:00:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2741.38672__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.10.23 18:00:44 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2741.38329__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.10.23 18:00:43 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2741.38368__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.10.23 18:00:43 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2741.38620__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.10.23 18:00:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2741.38628__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2741.38331__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.10.23 18:00:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2741.38626__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 001,503,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2741.38347__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.10.23 18:00:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2741.38331__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2741.38331__90ba9c70f846762e\APM.Server.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2741.38330__90ba9c70f846762e\AEM.Server.dll MOD - [2011.10.23 18:00:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2741.38627__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.10.23 18:00:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2700.34740__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.08.08 15:41:24 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\MGHwCtrl.dll MOD - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.03 18:01:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.29 18:50:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 18:21:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:21:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.23 21:28:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.18 15:40:44 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2012.05.08 18:21:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:21:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.16 19:09:40 | 000,188,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CxPlrCap.sys -- (CXPLRCAP) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.27 15:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.09.07 18:59:16 | 001,584,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008.04.13 21:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.08.08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.18 19:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.04 21:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7OPCH_deDE458 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 18:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2012.06.27 21:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\28uz4g5l.default\extensions [2012.04.15 14:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.29 18:50:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340449039000 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.23 16:21:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.08 15:22:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.08.08 15:18:34 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\***\Desktop\rkill.exe [2012.08.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.08 14:10:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.08 10:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.08.08 10:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.08.07 23:29:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\IPM [2012.08.07 22:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Live Security Platinum [2012.08.07 22:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:06:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2008 [2012.07.28 15:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.07.23 08:21:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.08 15:22:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.08.08 15:21:02 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Netzwerk-Festplatte.lnk [2012.08.08 15:18:37 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\***\Desktop\rkill.exe [2012.08.08 15:01:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.08 14:10:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 14:03:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.08 10:02:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.08.07 20:10:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.04 18:43:41 | 000,000,534 | ---- | M] () -- C:\WINDOWS\wiso.ini [2012.08.03 19:25:28 | 000,016,945 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.07.24 19:15:08 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk [2012.07.23 08:34:15 | 000,003,034 | ---- | M] () -- C:\Programme\cc.xml [2012.07.17 20:22:55 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 20:22:53 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.16 23:12:45 | 000,068,608 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.11 19:04:57 | 000,512,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.08 14:10:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.08.03 19:25:28 | 000,016,945 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.06.23 14:07:54 | 000,003,034 | ---- | C] () -- C:\Programme\cc.xml [2012.05.18 15:35:47 | 000,010,261 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2012.04.20 18:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.16 23:28:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.05 12:05:29 | 000,016,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\merlinD.bin [2012.02.05 12:05:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2011.12.22 18:46:19 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.11.28 21:39:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini [2011.10.25 21:38:01 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.23 21:04:23 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.10.23 21:04:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.10.23 21:00:26 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011.10.23 21:00:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011.10.23 21:00:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2011.10.23 20:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011.10.23 20:57:16 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011.10.23 20:44:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.10.23 20:17:33 | 000,787,208 | ---- | C] () -- C:\Programme\CleverCleaner.exe [2011.10.23 18:08:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.10.23 18:05:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.10.23 17:54:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2011.10.23 17:54:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2011.10.23 17:54:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.10.23 17:40:35 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.10.23 17:40:34 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.10.23 16:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.23 16:51:04 | 000,512,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.23 16:23:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.23 16:18:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ [2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ ========== LOP Check ========== [2012.08.07 22:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.08.03 21:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.04.06 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.10.25 22:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.10.25 22:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.10.23 20:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.02.05 11:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.12.22 18:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2012.04.06 18:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2012.02.13 00:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Haufe Mediengruppe [2011.11.17 10:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICAClient [2011.10.25 22:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexware [2011.11.19 10:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenCandy [2012.03.11 11:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft [2012.06.23 13:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2012.06.23 13:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > Was muss ich als nächstes machen? Bin ich den Virus los? |
|
08.08.2012, 15:30
| #4 |
| | Live Security Premium - Absturz im abgesicherten Modus Hi, Reste des Rootkits sind noch da: Code:
ATTFilter [2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@
[2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@
Fix für OTL:
 Achtung: die *** durch den richtigen Pfad ersetzten, sonst läuft das Script nicht richtig! Code:
ATTFilter
:OTL
[2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@
[2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@
[2012.08.07 22:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329
[2012.08.07 22:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Live Security Platinum
:Commands
[emptytemp]
[Reboot]
TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein:  Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten... Da der Killer in letzter Zeit sehr oft die services.exe übersehen hat (möglicherweise infiziert): Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
08.08.2012, 16:14
| #5 |
| | Live Security Premium - Absturz im abgesicherten Modus Nach dem Start des OTL-Fix kam die Meldung, dass MAM unerwartet beendet wurde und ich mir das Log File dazu ansehen soll. Die Meldung konnte ich mit "Ok" aber nicht wegklicken, es gab keine Reaktion. Schließlich reagierte auch OTL nicht mehr, so dass ich den Rechner mit langen Druck auf die Power-Taste abgeschaltet habe. Bei einem zweiten Versuch mit OTL fror das Programm wieder ein und ich musste den Rechner auf die gleiche Weise wie beim ersten Mal abschalten. Ein Log File hat OTL leider nicht angelegt. Klingt alles nicht sehr gut... So, hab nun nochmal einen Scan mit OLT gemacht. Hier die Logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.08.2012 17:22:51 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,94% Memory free 3,85 Gb Paging File | 3,16 Gb Available in Paging File | 82,20% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 127,30 Gb Free Space | 85,41% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.08 16:50:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.07.29 18:50:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.05.08 18:21:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:21:32 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:21:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:21:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.10.19 16:04:00 | 000,180,224 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe ========== Modules (No Company Name) ========== MOD - [2012.08.03 18:01:07 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll MOD - [2012.07.29 18:50:52 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.23 13:00:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.06.23 13:00:08 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012.06.13 19:26:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.13 08:05:38 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.13 08:05:26 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.13 08:03:38 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.06.13 08:03:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.10 15:08:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.10 07:36:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 22:25:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 22:25:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.08 18:21:33 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.10.23 18:01:13 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2741.38382__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2741.38613__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2741.38339__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2741.38605__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2741.38561__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2741.38374__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2741.38359__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.10.23 18:01:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2741.38641__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2741.38570__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2741.38648__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2741.38389__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2741.38576__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2741.38352__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2741.38569__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.10.23 18:00:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2741.38388__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2011.10.23 18:00:52 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2741.38508__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2741.38591__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.10.23 18:00:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2741.38606__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2741.38411__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2741.38501__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2741.38360__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2741.38493__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.10.23 18:00:51 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2741.38404__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2700.34750__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.10.23 18:00:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2700.34713__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.10.23 18:00:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2700.34709__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2700.34708__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.10.23 18:00:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2741.38620_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2011.10.23 18:00:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2741.38672__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.10.23 18:00:44 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2741.38329__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.10.23 18:00:43 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2741.38368__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.10.23 18:00:43 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2741.38620__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.10.23 18:00:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2741.38628__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2741.38331__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.10.23 18:00:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2741.38626__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 001,503,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2741.38347__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.10.23 18:00:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2741.38331__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2741.38331__90ba9c70f846762e\APM.Server.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2741.38330__90ba9c70f846762e\AEM.Server.dll MOD - [2011.10.23 18:00:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2741.38627__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.10.23 18:00:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2700.34740__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.08.08 15:41:24 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\MGHwCtrl.dll MOD - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.03 18:01:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.29 18:50:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 18:21:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:21:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.23 21:28:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.18 15:40:44 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2012.05.08 18:21:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:21:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.16 19:09:40 | 000,188,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CxPlrCap.sys -- (CXPLRCAP) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.27 15:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.09.07 18:59:16 | 001,584,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008.04.13 21:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.08.08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.18 19:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.04 21:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7OPCH_deDE458 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 18:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2012.06.27 21:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\28uz4g5l.default\extensions [2012.04.15 14:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.29 18:50:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340449039000 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE1132E-F712-4BCF-8E88-9682CF39B8BB}: DhcpNameServer = 192.168.99.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.23 16:21:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.08 17:18:21 | 004,729,922 | ---- | C] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe [2012.08.08 17:15:07 | 000,000,000 | ---D | C] -- C:\TDSSkiller [2012.08.08 16:53:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.08 16:50:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.08.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.08 14:10:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.08 10:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.08.08 10:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.08.07 23:29:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\IPM [2012.08.07 22:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Live Security Platinum [2012.08.07 22:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:06:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2008 [2012.07.28 15:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.07.23 08:21:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.08 17:18:44 | 004,729,922 | ---- | M] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe [2012.08.08 17:04:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.08 16:50:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.08.08 15:57:32 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Netzwerk-Festplatte.lnk [2012.08.08 15:54:29 | 000,512,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.08 15:01:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.08 14:10:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.08.07 20:10:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.04 18:43:41 | 000,000,534 | ---- | M] () -- C:\WINDOWS\wiso.ini [2012.08.03 19:25:28 | 000,016,945 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.07.24 19:15:08 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk [2012.07.23 08:34:15 | 000,003,034 | ---- | M] () -- C:\Programme\cc.xml [2012.07.17 20:22:55 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 20:22:53 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.16 23:12:45 | 000,068,608 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.08 14:10:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.08.03 19:25:28 | 000,016,945 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.06.23 14:07:54 | 000,003,034 | ---- | C] () -- C:\Programme\cc.xml [2012.05.18 15:35:47 | 000,010,261 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2012.04.20 18:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.16 23:28:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.05 12:05:29 | 000,016,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\merlinD.bin [2012.02.05 12:05:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2011.12.22 18:46:19 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.11.28 21:39:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini [2011.10.25 21:38:01 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.23 21:04:23 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.10.23 21:04:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.10.23 21:00:26 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011.10.23 21:00:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011.10.23 21:00:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2011.10.23 20:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011.10.23 20:57:16 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011.10.23 20:44:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.10.23 20:17:33 | 000,787,208 | ---- | C] () -- C:\Programme\CleverCleaner.exe [2011.10.23 18:08:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.10.23 18:05:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.10.23 17:54:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2011.10.23 17:54:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2011.10.23 17:54:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.10.23 17:40:35 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.10.23 17:40:34 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.10.23 16:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.23 16:51:04 | 000,512,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.23 16:23:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.23 16:18:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ [2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ ========== LOP Check ========== [2012.08.07 22:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.08.03 21:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.04.06 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.10.25 22:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.10.25 22:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.10.23 20:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.02.05 11:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.12.22 18:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2012.04.06 18:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2012.02.13 00:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Haufe Mediengruppe [2011.11.17 10:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICAClient [2011.10.25 22:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexware [2011.11.19 10:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenCandy [2012.03.11 11:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft [2012.06.23 13:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2012.06.23 13:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.08.2012 17:22:51 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,94% Memory free
3,85 Gb Paging File | 3,16 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 127,30 Gb Free Space | 85,41% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{02709761-13C8-161F-7665-B2D05E63806D}" = CCC Help Japanese
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{04432213-11CF-DB3E-F6A1-E0688ED66FE9}" = Catalyst Control Center Localization Finnish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{086EE599-05E8-1873-8886-C25EF1226800}" = CCC Help Czech
"{0B0C5958-F741-0CDE-EE7A-04BD7F3BE4E1}" = CCC Help Russian
"{0E977EF3-6DFD-FACD-3F02-09ECD9BCEBD5}" = CCC Help Greek
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{10654C14-421E-3848-155F-CA95924D5561}" = Catalyst Control Center Localization Russian
"{110A9B0C-C58A-721F-C150-1C9CAD0F8EBA}" = Catalyst Control Center Localization Korean
"{11B0397F-DCA3-8DD7-4BA3-CC53FE0B3EB2}" = CCC Help Chinese Standard
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1CDDE6-3D11-9607-E196-38C928055999}" = Catalyst Control Center Localization German
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1ED06317-D6C5-1BC9-192E-986D77AE4042}" = Catalyst Control Center Graphics Full Existing
"{1EF2B07F-5784-FED3-C9FB-F0FCB10F1B4E}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF080B7-13ED-51B0-502E-A5A54635CEAE}" = CCC Help Portuguese
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2532A16A-F9E0-F977-B43A-6E83A249BC17}" = CCC Help French
"{2610D3D5-CD1E-894D-960A-0E0363909077}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{27FEE312-683D-B58A-11B5-BA5FA7B0EE03}" = Catalyst Control Center Localization Norwegian
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28E30152-32C5-4152-8C87-6C638E695CEC}" = Steuer Update 15.09
"{2A8960B9-8CEC-1B4B-74DB-838ED940B6DB}" = CCC Help Dutch
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4E572D53-856F-708E-CC5C-06083A06FAE9}" = Catalyst Control Center Localization Chinese Standard
"{4EE207AD-587B-D264-D4AC-C4D1A5784B7F}" = CCC Help Finnish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5E78F54A-342D-937F-F3C8-5F66CB0BC072}" = Catalyst Control Center Localization Thai
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{64627F5A-13C7-BCE3-187B-9F7FB7D0F50F}" = Catalyst Control Center Localization Portuguese
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{6886E6EF-129E-524B-D511-E0EB7FBF8F07}" = CCC Help Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C8D4D8-F0DC-4E4D-C89E-E9BC7045B93F}" = Catalyst Control Center Localization Turkish
"{7B04D2F0-5CA6-8A00-CEDE-37E63EF27198}" = CCC Help Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{7E985000-0C20-703E-81B1-CA13B37DF6CF}" = Catalyst Control Center Localization Danish
"{88C3F9C2-877D-ABA0-73E6-4756E0BA4432}" = CCC Help Thai
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{94FCB2B1-5F88-FD28-5CF0-78101902D9BA}" = CCC Help Korean
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C825A0-7B99-FB02-748F-8CBF48F56CED}" = Catalyst Control Center Localization Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB63C23-B8AA-8315-24BE-DEEEB3A614E4}" = Catalyst Control Center Graphics Full New
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A131608B-BE0F-61DA-A042-10C28569B46E}" = Catalyst Control Center Localization Dutch
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A4D30587-CB8E-F0B5-2A8A-FBE40EF2BED8}" = Catalyst Control Center Localization French
"{A5F15CBE-82BF-C14B-2A7D-025E38DDF195}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ADDD10A5-BEB1-5F74-3931-25AD5187C505}" = CCC Help Chinese Traditional
"{AEACF313-7F1B-689D-BD99-D5B4F76584EC}" = ccc-core-preinstall
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B462DCF0-E7DD-3322-363C-B0B7A12BA83C}" = CCC Help English
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3FF896C-9D02-0839-A59A-243D58B8DA94}" = ccc-utility
"{C47D6DB0-FD16-3700-7E02-2F23A2422965}" = Catalyst Control Center Localization Czech
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C518ABA4-40D0-2330-C12D-022197874C9B}" = CCC Help Danish
"{C9B2CA73-0CED-8DCF-5D61-D8AD90296872}" = CCC Help Swedish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAC3740A-0764-A8A5-8638-767A3D74BD87}" = Catalyst Control Center Localization Italian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1470BA1-757E-86B0-8F65-900027BBC88C}" = Catalyst Control Center Core Implementation
"{D3873F32-3E40-FD94-E469-D141592F120D}" = CCC Help Spanish
"{E05F3177-6227-C820-AB74-E686711AF85C}" = Catalyst Control Center Localization Greek
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E59302D9-278E-0D1A-5B5F-215196BA5A49}" = CCC Help Norwegian
"{E6E8F20E-FD1C-660E-DD5C-419F1598E4A4}" = CCC Help Hungarian
"{E75197FC-F0BF-21FC-2363-6D69FD43F25C}" = Catalyst Control Center Localization Chinese Traditional
"{E91D3E2E-0065-EB56-76DC-BA343E65EC37}" = Catalyst Control Center Localization Spanish
"{E9AB4A03-9EF6-1456-4E86-E187106699F3}" = Catalyst Control Center Localization Japanese
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F28C7E97-8CD9-D8A3-2F10-FEAB61A91212}" = Catalyst Control Center Localization Hungarian
"{F4A0780D-CBDC-B18A-B805-9523C9941BBC}" = CCC Help Italian
"{F6785BA6-FBFC-CA7F-CF42-21F0E67F7183}" = Catalyst Control Center Localization Polish
"{FF2CD765-43EC-2792-38E5-19845113435A}" = Skins
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 13.1.1.8531u" = ElsterFormular
"hp deskjet 3600 series_Driver" = hp deskjet 3600 series
"hp print screen utility" = hp print screen utility
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.03.2012 13:55:46 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 9.0.0.4503, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 10.03.2012 15:28:04 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.03.2012 14:02:27 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 14.03.2012 14:23:35 | Computer Name = *** | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft Office 2000 Premium -- Fehler 1706. Es wurde keine
gültige Quelle für das Produkt "Microsoft Office 2000 Premium" gefunden. Die Installation
kann nicht fortgesetzt werden.
Error - 25.03.2012 08:31:14 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 26.03.2012 19:20:24 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 06.04.2012 14:34:56 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 9.0.0.332, fehlgeschlagenes
Modul acrobat.dll, Version 9.0.0.332, Fehleradresse 0x0007b5a5.
Error - 06.04.2012 14:35:44 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 9.0.0.332, fehlgeschlagenes
Modul acrobat.dll, Version 9.0.0.332, Fehleradresse 0x0007b5a5.
Error - 06.04.2012 14:37:12 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 9.0.0.332, fehlgeschlagenes
Modul acrobat.dll, Version 9.0.0.332, Fehleradresse 0x0007b5a5.
Error - 06.04.2012 14:37:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 9.0.0.332, fehlgeschlagenes
Modul acrobat.dll, Version 9.0.0.332, Fehleradresse 0x0007b5a5.
[ System Events ]
Error - 08.08.2012 09:56:14 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08.08.2012 10:50:06 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08.08.2012 10:53:33 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.08.2012 10:53:33 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.08.2012 10:53:33 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 08.08.2012 10:58:07 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08.08.2012 11:00:20 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.08.2012 11:00:21 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 08.08.2012 11:00:21 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.08.2012 11:06:29 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
< End of report >
Geändert von Xaphox (08.08.2012 um 16:50 Uhr) |
|
09.08.2012, 06:32
| #6 |
| | Live Security Premium - Absturz im abgesicherten Modus Hi, sind noch da, versuche OTL im abgesicherten Modsu (F8 beim Booten), falls dann noch ein Antivirenprogramm läuft, händisch beenden.. funktioniert das nicht, Combofix laufen lassen (den muss ich dann ggf. noch scripten)... chris
__________________ --> Live Security Premium - Absturz im abgesicherten Modus |
|
09.08.2012, 10:54
| #7 |
| | Live Security Premium - Absturz im abgesicherten Modus Hab's mit OTL im abgesicherten Modus probiert, aber leider vergessen, die Platzhalter zu entfernen. OTL lief aber trotzdem durch. Hier das Log: Code:
ATTFilter All processes killed
========== OTL ==========
C:\WINDOWS\Installer\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ moved successfully.
File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329\ not found.
Folder C:\Dokumente und Einstellungen\***\Startmenü\Programme\Live Security Platinum\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 229404 bytes
->Temporary Internet Files folder emptied: 85781 bytes
->FireFox cache emptied: 17907635 bytes
User: All Users
User: ***
->Temp folder emptied: 638976 bytes
->Temporary Internet Files folder emptied: 9781780 bytes
->Java cache emptied: 2905406 bytes
->FireFox cache emptied: 67892246 bytes
->Flash cache emptied: 538 bytes
User: ***
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3610498 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8459056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 106,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_100235
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter 10:07:51.0906 0824 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:07:51.0921 0824 ============================================================
10:07:51.0921 0824 Current date / time: 2012/08/09 10:07:51.0921
10:07:51.0921 0824 SystemInfo:
10:07:51.0921 0824
10:07:51.0921 0824 OS Version: 5.1.2600 ServicePack: 3.0
10:07:51.0921 0824 Product type: Workstation
10:07:51.0921 0824 ComputerName: ***
10:07:51.0921 0824 UserName: ***
10:07:51.0921 0824 Windows directory: C:\WINDOWS
10:07:51.0921 0824 System windows directory: C:\WINDOWS
10:07:51.0921 0824 Processor architecture: Intel x86
10:07:51.0921 0824 Number of processors: 2
10:07:51.0921 0824 Page size: 0x1000
10:07:51.0921 0824 Boot type: Normal boot
10:07:51.0921 0824 ============================================================
10:07:53.0906 0824 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x635DF9, SectorsPerTrack: 0x8, TracksPerCylinder: 0x6, Type 'K0', Flags 0x00000054
10:07:53.0906 0824 ============================================================
10:07:53.0906 0824 \Device\Harddisk0\DR0:
10:07:53.0906 0824 MBR partitions:
10:07:53.0906 0824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x8, BlocksNum 0x12A19E78
10:07:53.0906 0824 ============================================================
10:07:53.0984 0824 C: <-> \Device\Harddisk0\DR0\Partition0
10:07:54.0109 0824 ============================================================
10:07:54.0109 0824 Initialize success
10:07:54.0109 0824 ============================================================
10:08:24.0656 3476 ============================================================
10:08:24.0656 3476 Scan started
10:08:24.0656 3476 Mode: Manual; SigCheck; TDLFS;
10:08:24.0656 3476 ============================================================
10:08:25.0093 3476 Abiosdsk - ok
10:08:25.0093 3476 abp480n5 - ok
10:08:25.0156 3476 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:08:26.0187 3476 ACPI - ok
10:08:26.0218 3476 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:08:26.0390 3476 ACPIEC - ok
10:08:26.0484 3476 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:08:26.0546 3476 AdobeFlashPlayerUpdateSvc - ok
10:08:26.0562 3476 adpu160m - ok
10:08:26.0625 3476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:08:26.0765 3476 aec - ok
10:08:26.0890 3476 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:08:26.0953 3476 AFD - ok
10:08:27.0015 3476 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
10:08:27.0046 3476 AFS2K ( UnsignedFile.Multi.Generic ) - warning
10:08:27.0046 3476 AFS2K - detected UnsignedFile.Multi.Generic (1)
10:08:27.0046 3476 Aha154x - ok
10:08:27.0062 3476 aic78u2 - ok
10:08:27.0062 3476 aic78xx - ok
10:08:27.0109 3476 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
10:08:27.0234 3476 Alerter - ok
10:08:27.0265 3476 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
10:08:27.0375 3476 ALG - ok
10:08:27.0375 3476 AliIde - ok
10:08:27.0437 3476 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:08:27.0484 3476 AmdK8 - ok
10:08:27.0484 3476 amsint - ok
10:08:27.0625 3476 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
10:08:27.0640 3476 AntiVirSchedulerService - ok
10:08:27.0718 3476 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:08:27.0734 3476 AntiVirService - ok
10:08:27.0734 3476 AppMgmt - ok
10:08:27.0890 3476 AR5416 (93f49c5c234040d9b9fe25eadb2b3a44) C:\WINDOWS\system32\DRIVERS\athw.sys
10:08:28.0046 3476 AR5416 - ok
10:08:28.0203 3476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:08:28.0328 3476 Arp1394 - ok
10:08:28.0328 3476 asc - ok
10:08:28.0328 3476 asc3350p - ok
10:08:28.0343 3476 asc3550 - ok
10:08:28.0500 3476 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:08:28.0546 3476 aspnet_state - ok
10:08:28.0593 3476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:08:28.0703 3476 AsyncMac - ok
10:08:28.0718 3476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:08:28.0843 3476 atapi - ok
10:08:28.0843 3476 Atdisk - ok
10:08:28.0921 3476 Ati HotKey Poller (77c3f65a387f5e24228b7cc3557288e6) C:\WINDOWS\system32\Ati2evxx.exe
10:08:29.0000 3476 Ati HotKey Poller - ok
10:08:29.0187 3476 ati2mtag (01526c7a691913a7b09d0eb22b70c5d7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:08:29.0296 3476 ati2mtag - ok
10:08:29.0484 3476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:08:29.0609 3476 Atmarpc - ok
10:08:29.0656 3476 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
10:08:29.0765 3476 AudioSrv - ok
10:08:29.0828 3476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:08:29.0953 3476 audstub - ok
10:08:30.0015 3476 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:08:30.0125 3476 avgntflt - ok
10:08:30.0140 3476 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:08:30.0156 3476 avipbb - ok
10:08:30.0218 3476 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:08:30.0234 3476 avkmgr - ok
10:08:30.0312 3476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:08:30.0468 3476 Beep - ok
10:08:30.0515 3476 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
10:08:30.0625 3476 Browser - ok
10:08:30.0656 3476 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
10:08:30.0734 3476 BrScnUsb - ok
10:08:30.0781 3476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:08:30.0921 3476 cbidf2k - ok
10:08:30.0953 3476 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:08:31.0078 3476 CCDECODE - ok
10:08:31.0078 3476 cd20xrnt - ok
10:08:31.0093 3476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:08:31.0234 3476 Cdaudio - ok
10:08:31.0265 3476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:08:31.0375 3476 Cdfs - ok
10:08:31.0437 3476 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:08:31.0515 3476 Cdrom - ok
10:08:31.0515 3476 Changer - ok
10:08:31.0562 3476 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
10:08:31.0687 3476 CiSvc - ok
10:08:31.0703 3476 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
10:08:31.0828 3476 ClipSrv - ok
10:08:31.0937 3476 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:32.0062 3476 clr_optimization_v2.0.50727_32 - ok
10:08:32.0093 3476 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:08:32.0234 3476 CmBatt - ok
10:08:32.0234 3476 CmdIde - ok
10:08:32.0265 3476 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:08:32.0375 3476 Compbatt - ok
10:08:32.0390 3476 COMSysApp - ok
10:08:32.0390 3476 Cpqarray - ok
10:08:32.0421 3476 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
10:08:32.0546 3476 CryptSvc - ok
10:08:32.0609 3476 CXPLRCAP (049a65683e36fbb896ee5cd45c55d3a3) C:\WINDOWS\system32\drivers\CxPlrCap.sys
10:08:32.0625 3476 CXPLRCAP ( UnsignedFile.Multi.Generic ) - warning
10:08:32.0625 3476 CXPLRCAP - detected UnsignedFile.Multi.Generic (1)
10:08:32.0625 3476 dac2w2k - ok
10:08:32.0625 3476 dac960nt - ok
10:08:32.0703 3476 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:08:32.0812 3476 DcomLaunch - ok
10:08:32.0875 3476 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
10:08:32.0984 3476 Dhcp - ok
10:08:33.0000 3476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:08:33.0125 3476 Disk - ok
10:08:33.0125 3476 dmadmin - ok
10:08:33.0203 3476 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:08:33.0328 3476 dmboot - ok
10:08:33.0359 3476 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:08:33.0484 3476 dmio - ok
10:08:33.0531 3476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:08:33.0656 3476 dmload - ok
10:08:33.0687 3476 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
10:08:33.0812 3476 dmserver - ok
10:08:33.0843 3476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:08:33.0953 3476 DMusic - ok
10:08:34.0000 3476 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
10:08:34.0109 3476 Dnscache - ok
10:08:34.0156 3476 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
10:08:34.0265 3476 Dot3svc - ok
10:08:34.0281 3476 dpti2o - ok
10:08:34.0296 3476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:08:34.0406 3476 drmkaud - ok
10:08:34.0437 3476 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
10:08:34.0562 3476 EapHost - ok
10:08:34.0609 3476 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
10:08:34.0734 3476 ERSvc - ok
10:08:34.0796 3476 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:08:34.0843 3476 Eventlog - ok
10:08:34.0875 3476 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:08:34.0906 3476 EventSystem - ok
10:08:34.0937 3476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:08:35.0046 3476 Fastfat - ok
10:08:35.0093 3476 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:08:35.0218 3476 FastUserSwitchingCompatibility - ok
10:08:35.0234 3476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:08:35.0343 3476 Fdc - ok
10:08:35.0359 3476 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:08:35.0468 3476 Fips - ok
10:08:35.0609 3476 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:08:35.0671 3476 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:08:35.0671 3476 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:08:35.0687 3476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:08:35.0796 3476 Flpydisk - ok
10:08:35.0921 3476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:08:36.0031 3476 FltMgr - ok
10:08:36.0156 3476 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:08:36.0171 3476 FontCache3.0.0.0 - ok
10:08:36.0203 3476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:08:36.0359 3476 Fs_Rec - ok
10:08:36.0437 3476 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:08:36.0625 3476 Ftdisk - ok
10:08:36.0640 3476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:08:36.0750 3476 Gpc - ok
10:08:36.0859 3476 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:08:36.0875 3476 gupdate - ok
10:08:36.0875 3476 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:08:36.0890 3476 gupdatem - ok
10:08:36.0953 3476 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:08:36.0968 3476 gusvc - ok
10:08:36.0984 3476 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:08:37.0109 3476 HDAudBus - ok
10:08:37.0203 3476 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:08:37.0296 3476 helpsvc - ok
10:08:37.0312 3476 HidServ - ok
10:08:37.0328 3476 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:08:37.0437 3476 hidusb - ok
10:08:37.0484 3476 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
10:08:37.0593 3476 hkmsvc - ok
10:08:37.0593 3476 hpn - ok
10:08:37.0656 3476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:08:37.0718 3476 HTTP - ok
10:08:37.0765 3476 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
10:08:37.0890 3476 HTTPFilter - ok
10:08:37.0890 3476 i2omgmt - ok
10:08:37.0890 3476 i2omp - ok
10:08:37.0953 3476 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:08:38.0062 3476 i8042prt - ok
10:08:38.0218 3476 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:08:38.0234 3476 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:08:38.0234 3476 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:08:38.0328 3476 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:08:38.0406 3476 idsvc - ok
10:08:38.0437 3476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:08:38.0546 3476 Imapi - ok
10:08:38.0593 3476 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:08:38.0718 3476 ImapiService - ok
10:08:38.0718 3476 ini910u - ok
10:08:39.0046 3476 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:08:39.0281 3476 IntcAzAudAddService - ok
10:08:39.0406 3476 IntelIde - ok
10:08:39.0468 3476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:08:39.0593 3476 Ip6Fw - ok
10:08:39.0640 3476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:08:39.0781 3476 IpFilterDriver - ok
10:08:39.0828 3476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:08:39.0937 3476 IpInIp - ok
10:08:39.0968 3476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:08:40.0093 3476 IpNat - ok
10:08:40.0140 3476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:08:40.0250 3476 IPSec - ok
10:08:40.0265 3476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:08:40.0390 3476 IRENUM - ok
10:08:40.0406 3476 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:08:40.0515 3476 isapnp - ok
10:08:40.0656 3476 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
10:08:40.0671 3476 JavaQuickStarterService - ok
10:08:40.0718 3476 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:08:40.0828 3476 Kbdclass - ok
10:08:40.0890 3476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:08:41.0015 3476 kmixer - ok
10:08:41.0046 3476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:08:41.0125 3476 KSecDD - ok
10:08:41.0187 3476 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
10:08:41.0250 3476 lanmanserver - ok
10:08:41.0281 3476 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
10:08:41.0312 3476 lanmanworkstation - ok
10:08:41.0328 3476 lbrtfdc - ok
10:08:41.0390 3476 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
10:08:41.0500 3476 LmHosts - ok
10:08:41.0531 3476 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
10:08:41.0546 3476 MBAMProtector - ok
10:08:41.0625 3476 MBAMService (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
10:08:41.0671 3476 MBAMService - ok
10:08:41.0718 3476 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
10:08:41.0843 3476 Messenger - ok
10:08:41.0890 3476 MGHwCtrl (25a4177b8abf458691138f0c9684e70f) C:\WINDOWS\system32\drivers\MGHwCtrl.sys
10:08:41.0906 3476 MGHwCtrl ( UnsignedFile.Multi.Generic ) - warning
10:08:41.0906 3476 MGHwCtrl - detected UnsignedFile.Multi.Generic (1)
10:08:41.0953 3476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:08:42.0109 3476 mnmdd - ok
10:08:42.0156 3476 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:08:42.0281 3476 mnmsrvc - ok
10:08:42.0312 3476 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:08:42.0421 3476 Modem - ok
10:08:42.0453 3476 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:08:42.0562 3476 Mouclass - ok
10:08:42.0625 3476 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:08:42.0765 3476 mouhid - ok
10:08:42.0796 3476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:08:42.0890 3476 MountMgr - ok
10:08:42.0953 3476 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:08:42.0968 3476 MozillaMaintenance - ok
10:08:43.0000 3476 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
10:08:43.0109 3476 MPE - ok
10:08:43.0109 3476 mraid35x - ok
10:08:43.0125 3476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:08:43.0265 3476 MRxDAV - ok
10:08:43.0343 3476 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:08:43.0421 3476 MRxSmb - ok
10:08:43.0468 3476 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
10:08:43.0593 3476 MSDTC - ok
10:08:43.0640 3476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:08:43.0765 3476 Msfs - ok
10:08:43.0765 3476 MSIServer - ok
10:08:43.0796 3476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:08:43.0890 3476 MSKSSRV - ok
10:08:43.0921 3476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:08:44.0046 3476 MSPCLOCK - ok
10:08:44.0078 3476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:08:44.0203 3476 MSPQM - ok
10:08:44.0234 3476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:08:44.0343 3476 mssmbios - ok
10:08:44.0375 3476 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:08:44.0468 3476 MSTEE - ok
10:08:44.0484 3476 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:08:44.0578 3476 Mup - ok
10:08:44.0609 3476 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:08:44.0734 3476 NABTSFEC - ok
10:08:44.0812 3476 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
10:08:44.0937 3476 napagent - ok
10:08:44.0968 3476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:08:45.0093 3476 NDIS - ok
10:08:45.0125 3476 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:08:45.0250 3476 NdisIP - ok
10:08:45.0281 3476 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:08:45.0296 3476 NdisTapi - ok
10:08:45.0343 3476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:08:45.0453 3476 Ndisuio - ok
10:08:45.0468 3476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:08:45.0578 3476 NdisWan - ok
10:08:45.0625 3476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:08:45.0718 3476 NDProxy - ok
10:08:45.0734 3476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:08:45.0843 3476 NetBIOS - ok
10:08:45.0906 3476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:08:46.0015 3476 NetBT - ok
10:08:46.0062 3476 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:08:46.0203 3476 NetDDE - ok
10:08:46.0203 3476 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:08:46.0312 3476 NetDDEdsdm - ok
10:08:46.0390 3476 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:08:46.0515 3476 Netlogon - ok
10:08:46.0625 3476 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
10:08:46.0750 3476 Netman - ok
10:08:46.0875 3476 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:46.0890 3476 NetTcpPortSharing - ok
10:08:46.0906 3476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:08:47.0015 3476 NIC1394 - ok
10:08:47.0125 3476 NishService (aff24206ffc1081787155b03c99ba716) C:\Programme\System Control Manager\edd.exe
10:08:47.0125 3476 NishService ( UnsignedFile.Multi.Generic ) - warning
10:08:47.0125 3476 NishService - detected UnsignedFile.Multi.Generic (1)
10:08:47.0187 3476 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
10:08:47.0265 3476 Nla - ok
10:08:47.0328 3476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:08:47.0421 3476 Npfs - ok
10:08:47.0453 3476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:08:47.0625 3476 Ntfs - ok
10:08:47.0640 3476 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:08:47.0734 3476 NtLmSsp - ok
10:08:47.0781 3476 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
10:08:47.0921 3476 NtmsSvc - ok
10:08:47.0953 3476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:08:48.0093 3476 Null - ok
10:08:48.0140 3476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:08:48.0296 3476 NwlnkFlt - ok
10:08:48.0296 3476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:08:48.0437 3476 NwlnkFwd - ok
10:08:48.0453 3476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:08:48.0546 3476 ohci1394 - ok
10:08:48.0609 3476 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
10:08:48.0718 3476 Parport - ok
10:08:48.0734 3476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:08:48.0843 3476 PartMgr - ok
10:08:48.0875 3476 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:08:49.0015 3476 ParVdm - ok
10:08:49.0015 3476 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:08:49.0125 3476 PCI - ok
10:08:49.0125 3476 PCIDump - ok
10:08:49.0171 3476 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:08:49.0328 3476 PCIIde - ok
10:08:49.0375 3476 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:08:49.0484 3476 Pcmcia - ok
10:08:49.0484 3476 PDCOMP - ok
10:08:49.0500 3476 PDFRAME - ok
10:08:49.0515 3476 PDRELI - ok
10:08:49.0515 3476 PDRFRAME - ok
10:08:49.0531 3476 perc2 - ok
10:08:49.0531 3476 perc2hib - ok
10:08:49.0593 3476 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:08:49.0640 3476 PlugPlay - ok
10:08:49.0640 3476 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:08:49.0750 3476 PolicyAgent - ok
10:08:49.0781 3476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:08:49.0906 3476 PptpMiniport - ok
10:08:49.0921 3476 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
10:08:50.0031 3476 Processor - ok
10:08:50.0046 3476 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:08:50.0140 3476 ProtectedStorage - ok
10:08:50.0156 3476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:08:50.0296 3476 PSched - ok
10:08:50.0312 3476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:08:50.0484 3476 Ptilink - ok
10:08:50.0531 3476 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:08:50.0546 3476 PxHelp20 - ok
10:08:50.0546 3476 ql1080 - ok
10:08:50.0562 3476 Ql10wnt - ok
10:08:50.0562 3476 ql12160 - ok
10:08:50.0562 3476 ql1240 - ok
10:08:50.0578 3476 ql1280 - ok
10:08:50.0609 3476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:08:50.0734 3476 RasAcd - ok
10:08:50.0781 3476 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
10:08:50.0890 3476 RasAuto - ok
10:08:50.0921 3476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:08:51.0015 3476 Rasl2tp - ok
10:08:51.0078 3476 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
10:08:51.0187 3476 RasMan - ok
10:08:51.0187 3476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:08:51.0312 3476 RasPppoe - ok
10:08:51.0312 3476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:08:51.0453 3476 Raspti - ok
10:08:51.0484 3476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:08:51.0578 3476 Rdbss - ok
10:08:51.0609 3476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:08:51.0734 3476 RDPCDD - ok
10:08:51.0859 3476 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
10:08:51.0937 3476 RDPWD - ok
10:08:52.0000 3476 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:08:52.0109 3476 RDSessMgr - ok
10:08:52.0171 3476 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:08:52.0296 3476 redbook - ok
10:08:52.0312 3476 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
10:08:52.0437 3476 RemoteAccess - ok
10:08:52.0593 3476 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Programme\Cyberlink\Shared files\RichVideo.exe
10:08:52.0609 3476 RichVideo - ok
10:08:52.0625 3476 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
10:08:52.0687 3476 rimmptsk - ok
10:08:52.0703 3476 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
10:08:52.0734 3476 rimsptsk - ok
10:08:52.0750 3476 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
10:08:52.0781 3476 rismxdp - ok
10:08:52.0796 3476 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
10:08:52.0921 3476 RpcLocator - ok
10:08:53.0000 3476 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:08:53.0093 3476 RpcSs - ok
10:08:53.0125 3476 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
10:08:53.0281 3476 RSVP - ok
10:08:53.0343 3476 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:08:53.0406 3476 RTLE8023xp - ok
10:08:53.0437 3476 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:08:53.0546 3476 SamSs - ok
10:08:53.0562 3476 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
10:08:53.0703 3476 SCardSvr - ok
10:08:53.0765 3476 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
10:08:53.0875 3476 Schedule - ok
10:08:53.0890 3476 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:08:54.0015 3476 sdbus - ok
10:08:54.0046 3476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:08:54.0156 3476 Secdrv - ok
10:08:54.0187 3476 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
10:08:54.0312 3476 seclogon - ok
10:08:54.0312 3476 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
10:08:54.0421 3476 SENS - ok
10:08:54.0437 3476 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
10:08:54.0546 3476 Serial - ok
10:08:54.0578 3476 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
10:08:54.0687 3476 sffdisk - ok
10:08:54.0703 3476 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
10:08:54.0812 3476 sffp_sd - ok
10:08:54.0828 3476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:08:54.0921 3476 Sfloppy - ok
10:08:54.0984 3476 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:08:55.0015 3476 ShellHWDetection - ok
10:08:55.0015 3476 Simbad - ok
10:08:55.0046 3476 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:08:55.0156 3476 SLIP - ok
10:08:55.0156 3476 Sparrow - ok
10:08:55.0187 3476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:08:55.0296 3476 splitter - ok
10:08:55.0359 3476 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:08:55.0437 3476 Spooler - ok
10:08:55.0453 3476 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:08:55.0562 3476 sr - ok
10:08:55.0640 3476 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:08:55.0734 3476 srservice - ok
10:08:55.0765 3476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:08:55.0843 3476 Srv - ok
10:08:55.0906 3476 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
10:08:56.0015 3476 SSDPSRV - ok
10:08:56.0062 3476 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:08:56.0078 3476 ssmdrv - ok
10:08:56.0156 3476 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
10:08:56.0265 3476 stisvc - ok
10:08:56.0296 3476 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:08:56.0421 3476 streamip - ok
10:08:56.0437 3476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:08:56.0531 3476 swenum - ok
10:08:56.0593 3476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:08:56.0718 3476 swmidi - ok
10:08:56.0718 3476 SwPrv - ok
10:08:56.0734 3476 symc810 - ok
10:08:56.0734 3476 symc8xx - ok
10:08:56.0750 3476 sym_hi - ok
10:08:56.0750 3476 sym_u3 - ok
10:08:56.0781 3476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:08:56.0890 3476 sysaudio - ok
10:08:56.0937 3476 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
10:08:57.0062 3476 SysmonLog - ok
10:08:57.0109 3476 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
10:08:57.0265 3476 TapiSrv - ok
10:08:57.0328 3476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:08:57.0390 3476 Tcpip - ok
10:08:57.0406 3476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:08:57.0531 3476 TDPIPE - ok
10:08:57.0546 3476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:08:57.0671 3476 TDTCP - ok
10:08:57.0703 3476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:08:57.0796 3476 TermDD - ok
10:08:57.0828 3476 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
10:08:57.0937 3476 TermService - ok
10:08:58.0000 3476 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:08:58.0015 3476 Themes - ok
10:08:58.0015 3476 TosIde - ok
10:08:58.0015 3476 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
10:08:58.0140 3476 TrkWks - ok
10:08:58.0187 3476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:08:58.0312 3476 Udfs - ok
10:08:58.0328 3476 ultra - ok
10:08:58.0359 3476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:08:58.0500 3476 Update - ok
10:08:58.0531 3476 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
10:08:58.0640 3476 upnphost - ok
10:08:58.0671 3476 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
10:08:58.0781 3476 UPS - ok
10:08:58.0796 3476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:08:58.0906 3476 usbccgp - ok
10:08:58.0921 3476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:08:59.0046 3476 usbehci - ok
10:08:59.0046 3476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:08:59.0156 3476 usbhub - ok
10:08:59.0187 3476 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:08:59.0296 3476 usbohci - ok
10:08:59.0343 3476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:08:59.0453 3476 usbprint - ok
10:08:59.0468 3476 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:08:59.0578 3476 USBSTOR - ok
10:08:59.0593 3476 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:08:59.0687 3476 usbvideo - ok
10:08:59.0718 3476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:08:59.0812 3476 VgaSave - ok
10:08:59.0812 3476 ViaIde - ok
10:08:59.0843 3476 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:08:59.0937 3476 VolSnap - ok
10:09:00.0015 3476 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
10:09:00.0125 3476 VSS - ok
10:09:00.0171 3476 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
10:09:00.0281 3476 W32Time - ok
10:09:00.0312 3476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:09:00.0421 3476 Wanarp - ok
10:09:00.0421 3476 WDICA - ok
10:09:00.0437 3476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:09:00.0546 3476 wdmaud - ok
10:09:00.0609 3476 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
10:09:00.0703 3476 WebClient - ok
10:09:00.0812 3476 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:09:00.0921 3476 winmgmt - ok
10:09:01.0031 3476 WinRM (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
10:09:01.0156 3476 WinRM - ok
10:09:01.0203 3476 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:09:01.0281 3476 WmdmPmSN - ok
10:09:01.0343 3476 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:09:01.0453 3476 WmiApSrv - ok
10:09:01.0656 3476 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
10:09:01.0765 3476 WMPNetworkSvc - ok
10:09:01.0765 3476 WSearch - ok
10:09:01.0859 3476 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:09:01.0968 3476 WSTCODEC - ok
10:09:02.0031 3476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:09:02.0078 3476 WudfPf - ok
10:09:02.0093 3476 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:09:02.0109 3476 WudfRd - ok
10:09:02.0156 3476 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:09:02.0187 3476 WudfSvc - ok
10:09:02.0281 3476 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
10:09:02.0390 3476 WZCSVC - ok
10:09:02.0421 3476 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
10:09:02.0546 3476 xmlprov - ok
10:09:02.0609 3476 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:09:03.0093 3476 \Device\Harddisk0\DR0 - ok
10:09:03.0093 3476 Boot (0x1200) (8d2bd4112c18cb9293cc92ab42a82c75) \Device\Harddisk0\DR0\Partition0
10:09:03.0109 3476 \Device\Harddisk0\DR0\Partition0 - ok
10:09:03.0109 3476 ============================================================
10:09:03.0109 3476 Scan finished
10:09:03.0109 3476 ============================================================
10:09:03.0218 3472 Detected object count: 6
10:09:03.0218 3472 Actual detected object count: 6
10:10:07.0703 3472 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:07.0703 3472 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:10:07.0703 3472 CXPLRCAP ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:07.0703 3472 CXPLRCAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:10:07.0718 3472 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:07.0718 3472 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:10:07.0718 3472 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:07.0718 3472 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:10:07.0718 3472 MGHwCtrl ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:07.0718 3472 MGHwCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:10:07.0718 3472 NishService ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:07.0718 3472 NishService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Falls OTL nicht im abgesicherten Modus funktioniert, soll ich dann Combofix auch im abgesicherten Modus ausführen? Ich hab noch einmal mit OTL im abgesicherten Modus gescannt, aber nur mit den folgenden Pfaden (diesmal auch ohne die Platzhalter): Code:
ATTFilter :OTL
[2004.08.04 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@
\036E1926292433DE0043EC177B07D329
[2012.08.07 22:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Live Security Platinum
:Commands
[emptytemp]
[Reboot]
Code:
ATTFilter All processes killed
========== OTL ==========
File C:\Dokumente und Einstellungen\Astrid.Bo\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ not found.
Folder C:\Dokumente und Einstellungen\Astrid.Bo\Startmenü\Programme\Live Security Platinum\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Astrid.Bo
->Temp folder emptied: 425984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13053547 bytes
->Flash cache emptied: 492 bytes
User: Astrid~Bo
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 13,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_124720
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter All processes killed
========== OTL ==========
File C:\WINDOWS\Installer\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ not found.
File C:\Dokumente und Einstellungen\Astrid.Bo\Lokale Einstellungen\Anwendungsdaten\{02d975ad-f735-95da-3e1a-b392fbf7d06f}\@ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329\ not found.
Folder C:\Dokumente und Einstellungen\Astrid.Bo\Startmenü\Programme\Live Security Platinum\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Astrid.Bo
->Temp folder emptied: 212992 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Astrid~Bo
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_125244
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter 12:55:04.0000 3260 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:55:04.0171 3260 ============================================================
12:55:04.0171 3260 Current date / time: 2012/08/09 12:55:04.0171
12:55:04.0171 3260 SystemInfo:
12:55:04.0171 3260
12:55:04.0171 3260 OS Version: 5.1.2600 ServicePack: 3.0
12:55:04.0171 3260 Product type: Workstation
12:55:04.0171 3260 ComputerName: ASTRID
12:55:04.0171 3260 UserName: Astrid.Bo
12:55:04.0171 3260 Windows directory: C:\WINDOWS
12:55:04.0171 3260 System windows directory: C:\WINDOWS
12:55:04.0171 3260 Processor architecture: Intel x86
12:55:04.0171 3260 Number of processors: 2
12:55:04.0171 3260 Page size: 0x1000
12:55:04.0171 3260 Boot type: Normal boot
12:55:04.0171 3260 ============================================================
12:55:06.0296 3260 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x635DF9, SectorsPerTrack: 0x8, TracksPerCylinder: 0x6, Type 'K0', Flags 0x00000054
12:55:06.0390 3260 ============================================================
12:55:06.0390 3260 \Device\Harddisk0\DR0:
12:55:06.0390 3260 MBR partitions:
12:55:06.0390 3260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x8, BlocksNum 0x12A19E78
12:55:06.0390 3260 ============================================================
12:55:06.0546 3260 C: <-> \Device\Harddisk0\DR0\Partition0
12:55:06.0765 3260 ============================================================
12:55:06.0765 3260 Initialize success
12:55:06.0765 3260 ============================================================
12:55:12.0125 0644 ============================================================
12:55:12.0125 0644 Scan started
12:55:12.0125 0644 Mode: Manual; SigCheck; TDLFS;
12:55:12.0125 0644 ============================================================
12:55:13.0812 0644 Abiosdsk - ok
12:55:13.0812 0644 abp480n5 - ok
12:55:13.0984 0644 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:55:16.0281 0644 ACPI - ok
12:55:16.0343 0644 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:55:16.0500 0644 ACPIEC - ok
12:55:16.0609 0644 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:55:16.0718 0644 AdobeFlashPlayerUpdateSvc - ok
12:55:16.0718 0644 adpu160m - ok
12:55:16.0796 0644 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:55:16.0921 0644 aec - ok
12:55:16.0968 0644 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:55:17.0031 0644 AFD - ok
12:55:17.0093 0644 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
12:55:17.0125 0644 AFS2K ( UnsignedFile.Multi.Generic ) - warning
12:55:17.0125 0644 AFS2K - detected UnsignedFile.Multi.Generic (1)
12:55:17.0125 0644 Aha154x - ok
12:55:17.0140 0644 aic78u2 - ok
12:55:17.0140 0644 aic78xx - ok
12:55:17.0203 0644 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:55:17.0328 0644 Alerter - ok
12:55:17.0359 0644 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:55:17.0468 0644 ALG - ok
12:55:17.0468 0644 AliIde - ok
12:55:17.0515 0644 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:55:17.0562 0644 AmdK8 - ok
12:55:17.0578 0644 amsint - ok
12:55:17.0578 0644 AppMgmt - ok
12:55:17.0718 0644 AR5416 (93f49c5c234040d9b9fe25eadb2b3a44) C:\WINDOWS\system32\DRIVERS\athw.sys
12:55:17.0890 0644 AR5416 - ok
12:55:18.0046 0644 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:55:18.0171 0644 Arp1394 - ok
12:55:18.0171 0644 asc - ok
12:55:18.0171 0644 asc3350p - ok
12:55:18.0187 0644 asc3550 - ok
12:55:18.0312 0644 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:55:18.0359 0644 aspnet_state - ok
12:55:18.0390 0644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:55:18.0500 0644 AsyncMac - ok
12:55:18.0515 0644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:55:18.0640 0644 atapi - ok
12:55:18.0640 0644 Atdisk - ok
12:55:18.0703 0644 Ati HotKey Poller (77c3f65a387f5e24228b7cc3557288e6) C:\WINDOWS\system32\Ati2evxx.exe
12:55:18.0781 0644 Ati HotKey Poller - ok
12:55:18.0968 0644 ati2mtag (01526c7a691913a7b09d0eb22b70c5d7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:55:19.0093 0644 ati2mtag - ok
12:55:19.0265 0644 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:55:19.0390 0644 Atmarpc - ok
12:55:19.0437 0644 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:55:19.0578 0644 AudioSrv - ok
12:55:19.0625 0644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:55:19.0765 0644 audstub - ok
12:55:19.0875 0644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:55:20.0031 0644 Beep - ok
12:55:20.0062 0644 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\System32\qmgr.dll
12:55:20.0250 0644 BITS - ok
12:55:20.0281 0644 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:55:20.0406 0644 Browser - ok
12:55:20.0437 0644 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
12:55:20.0515 0644 BrScnUsb - ok
12:55:20.0546 0644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:55:20.0703 0644 cbidf2k - ok
12:55:20.0718 0644 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:55:20.0843 0644 CCDECODE - ok
12:55:20.0859 0644 cd20xrnt - ok
12:55:20.0906 0644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:55:21.0046 0644 Cdaudio - ok
12:55:21.0062 0644 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:55:21.0343 0644 Cdfs - ok
12:55:21.0390 0644 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:55:21.0468 0644 Cdrom - ok
12:55:21.0468 0644 Changer - ok
12:55:21.0484 0644 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:55:21.0609 0644 CiSvc - ok
12:55:21.0625 0644 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:55:21.0765 0644 ClipSrv - ok
12:55:21.0859 0644 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:55:21.0921 0644 clr_optimization_v2.0.50727_32 - ok
12:55:21.0937 0644 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:55:22.0062 0644 CmBatt - ok
12:55:22.0078 0644 CmdIde - ok
12:55:22.0078 0644 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:55:22.0203 0644 Compbatt - ok
12:55:22.0203 0644 COMSysApp - ok
12:55:22.0218 0644 Cpqarray - ok
12:55:22.0250 0644 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:55:22.0375 0644 CryptSvc - ok
12:55:22.0421 0644 CXPLRCAP (049a65683e36fbb896ee5cd45c55d3a3) C:\WINDOWS\system32\drivers\CxPlrCap.sys
12:55:22.0437 0644 CXPLRCAP ( UnsignedFile.Multi.Generic ) - warning
12:55:22.0437 0644 CXPLRCAP - detected UnsignedFile.Multi.Generic (1)
12:55:22.0437 0644 dac2w2k - ok
12:55:22.0453 0644 dac960nt - ok
12:55:22.0531 0644 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:55:22.0609 0644 DcomLaunch - ok
12:55:22.0656 0644 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:55:22.0765 0644 Dhcp - ok
12:55:22.0781 0644 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:55:22.0890 0644 Disk - ok
12:55:22.0906 0644 dmadmin - ok
12:55:22.0968 0644 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:55:23.0093 0644 dmboot - ok
12:55:23.0125 0644 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:55:23.0234 0644 dmio - ok
12:55:23.0265 0644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:55:23.0406 0644 dmload - ok
12:55:23.0453 0644 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:55:23.0562 0644 dmserver - ok
12:55:23.0578 0644 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:55:23.0718 0644 DMusic - ok
12:55:23.0765 0644 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:55:23.0875 0644 Dnscache - ok
12:55:23.0906 0644 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:55:24.0000 0644 Dot3svc - ok
12:55:24.0015 0644 dpti2o - ok
12:55:24.0031 0644 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:55:24.0140 0644 drmkaud - ok
12:55:24.0187 0644 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:55:24.0296 0644 EapHost - ok
12:55:24.0343 0644 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:55:24.0453 0644 ERSvc - ok
12:55:24.0515 0644 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:55:24.0562 0644 Eventlog - ok
12:55:24.0609 0644 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
12:55:24.0625 0644 EventSystem - ok
12:55:24.0656 0644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:55:24.0765 0644 Fastfat - ok
12:55:24.0828 0644 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:55:24.0937 0644 FastUserSwitchingCompatibility - ok
12:55:24.0953 0644 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:55:25.0062 0644 Fdc - ok
12:55:25.0078 0644 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:55:25.0187 0644 Fips - ok
12:55:25.0296 0644 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:55:25.0453 0644 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:55:25.0453 0644 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:55:25.0484 0644 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:55:25.0609 0644 Flpydisk - ok
12:55:25.0625 0644 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:55:25.0734 0644 FltMgr - ok
12:55:25.0859 0644 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:55:25.0875 0644 FontCache3.0.0.0 - ok
12:55:25.0890 0644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:55:26.0046 0644 Fs_Rec - ok
12:55:26.0078 0644 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:55:26.0250 0644 Ftdisk - ok
12:55:26.0296 0644 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:55:26.0421 0644 Gpc - ok
12:55:26.0515 0644 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:55:26.0531 0644 gupdate - ok
12:55:26.0546 0644 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:55:26.0562 0644 gupdatem - ok
12:55:26.0625 0644 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
12:55:26.0640 0644 gusvc - ok
12:55:26.0703 0644 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:55:26.0812 0644 HDAudBus - ok
12:55:26.0890 0644 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:55:27.0000 0644 helpsvc - ok
12:55:27.0000 0644 HidServ - ok
12:55:27.0015 0644 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:55:27.0125 0644 hidusb - ok
12:55:27.0156 0644 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:55:27.0265 0644 hkmsvc - ok
12:55:27.0265 0644 hpn - ok
12:55:27.0328 0644 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:55:27.0390 0644 HTTP - ok
12:55:27.0437 0644 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:55:27.0562 0644 HTTPFilter - ok
12:55:27.0562 0644 i2omgmt - ok
12:55:27.0562 0644 i2omp - ok
12:55:27.0609 0644 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:55:27.0734 0644 i8042prt - ok
12:55:27.0906 0644 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:55:27.0906 0644 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:55:27.0906 0644 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:55:28.0015 0644 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:55:28.0078 0644 idsvc - ok
12:55:28.0109 0644 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:55:28.0203 0644 Imapi - ok
12:55:28.0265 0644 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:55:28.0375 0644 ImapiService - ok
12:55:28.0375 0644 ini910u - ok
12:55:28.0703 0644 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:55:28.0968 0644 IntcAzAudAddService - ok
12:55:29.0093 0644 IntelIde - ok
12:55:29.0156 0644 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:55:29.0265 0644 Ip6Fw - ok
12:55:29.0312 0644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:55:29.0468 0644 IpFilterDriver - ok
12:55:29.0484 0644 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:55:29.0609 0644 IpInIp - ok
12:55:29.0640 0644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:55:29.0765 0644 IpNat - ok
12:55:29.0781 0644 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:55:29.0890 0644 IPSec - ok
12:55:29.0906 0644 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:55:30.0031 0644 IRENUM - ok
12:55:30.0046 0644 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:55:30.0156 0644 isapnp - ok
12:55:30.0296 0644 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
12:55:30.0312 0644 JavaQuickStarterService - ok
12:55:30.0328 0644 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:55:30.0437 0644 Kbdclass - ok
12:55:30.0500 0644 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:55:30.0609 0644 kmixer - ok
12:55:30.0640 0644 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:55:30.0734 0644 KSecDD - ok
12:55:30.0781 0644 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:55:30.0843 0644 lanmanserver - ok
12:55:30.0875 0644 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:55:30.0921 0644 lanmanworkstation - ok
12:55:30.0921 0644 lbrtfdc - ok
12:55:30.0984 0644 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:55:31.0078 0644 LmHosts - ok
12:55:31.0109 0644 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
12:55:31.0359 0644 MBAMProtector - ok
12:55:31.0468 0644 MBAMService (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
12:55:31.0500 0644 MBAMService - ok
12:55:31.0531 0644 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:55:31.0656 0644 Messenger - ok
12:55:31.0703 0644 MGHwCtrl (25a4177b8abf458691138f0c9684e70f) C:\WINDOWS\system32\drivers\MGHwCtrl.sys
12:55:31.0718 0644 MGHwCtrl ( UnsignedFile.Multi.Generic ) - warning
12:55:31.0718 0644 MGHwCtrl - detected UnsignedFile.Multi.Generic (1)
12:55:31.0765 0644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:55:31.0921 0644 mnmdd - ok
12:55:31.0968 0644 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
12:55:32.0078 0644 mnmsrvc - ok
12:55:32.0109 0644 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:55:32.0203 0644 Modem - ok
12:55:32.0234 0644 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:55:32.0343 0644 Mouclass - ok
12:55:32.0390 0644 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:55:32.0531 0644 mouhid - ok
12:55:32.0562 0644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:55:32.0671 0644 MountMgr - ok
12:55:32.0734 0644 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:55:32.0750 0644 MozillaMaintenance - ok
12:55:32.0781 0644 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:55:32.0875 0644 MPE - ok
12:55:32.0875 0644 mraid35x - ok
12:55:32.0890 0644 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:55:33.0031 0644 MRxDAV - ok
12:55:33.0093 0644 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:55:33.0218 0644 MRxSmb - ok
12:55:33.0265 0644 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
12:55:33.0375 0644 MSDTC - ok
12:55:33.0406 0644 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:55:33.0531 0644 Msfs - ok
12:55:33.0546 0644 MSIServer - ok
12:55:33.0562 0644 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:55:33.0671 0644 MSKSSRV - ok
12:55:33.0703 0644 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:55:33.0796 0644 MSPCLOCK - ok
12:55:33.0812 0644 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:55:33.0937 0644 MSPQM - ok
12:55:33.0953 0644 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:55:34.0046 0644 mssmbios - ok
12:55:34.0078 0644 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:55:34.0171 0644 MSTEE - ok
12:55:34.0203 0644 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:55:34.0250 0644 Mup - ok
12:55:34.0281 0644 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:55:34.0406 0644 NABTSFEC - ok
12:55:34.0484 0644 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:55:34.0609 0644 napagent - ok
12:55:34.0640 0644 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:55:34.0750 0644 NDIS - ok
12:55:34.0781 0644 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:55:34.0890 0644 NdisIP - ok
12:55:34.0937 0644 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:55:34.0968 0644 NdisTapi - ok
12:55:35.0000 0644 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:55:35.0109 0644 Ndisuio - ok
12:55:35.0125 0644 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:55:35.0234 0644 NdisWan - ok
12:55:35.0281 0644 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:55:35.0359 0644 NDProxy - ok
12:55:35.0421 0644 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:55:35.0515 0644 NetBIOS - ok
12:55:35.0562 0644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:55:35.0656 0644 NetBT - ok
12:55:35.0703 0644 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:55:35.0828 0644 NetDDE - ok
12:55:35.0828 0644 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:55:35.0921 0644 NetDDEdsdm - ok
12:55:35.0968 0644 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:55:36.0078 0644 Netlogon - ok
12:55:36.0140 0644 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:55:36.0250 0644 Netman - ok
12:55:36.0390 0644 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:55:36.0406 0644 NetTcpPortSharing - ok
12:55:36.0468 0644 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:55:36.0562 0644 NIC1394 - ok
12:55:36.0671 0644 NishService (aff24206ffc1081787155b03c99ba716) C:\Programme\System Control Manager\edd.exe
12:55:36.0687 0644 NishService ( UnsignedFile.Multi.Generic ) - warning
12:55:36.0687 0644 NishService - detected UnsignedFile.Multi.Generic (1)
12:55:36.0750 0644 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:55:36.0796 0644 Nla - ok
12:55:36.0859 0644 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:55:36.0953 0644 Npfs - ok
12:55:36.0984 0644 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:55:37.0156 0644 Ntfs - ok
12:55:37.0156 0644 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:55:37.0265 0644 NtLmSsp - ok
12:55:37.0343 0644 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:55:37.0484 0644 NtmsSvc - ok
12:55:37.0531 0644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:55:37.0671 0644 Null - ok
12:55:37.0718 0644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:55:37.0875 0644 NwlnkFlt - ok
12:55:37.0875 0644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:55:38.0015 0644 NwlnkFwd - ok
12:55:38.0031 0644 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:55:38.0125 0644 ohci1394 - ok
12:55:38.0171 0644 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
12:55:38.0281 0644 Parport - ok
12:55:38.0312 0644 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:55:38.0421 0644 PartMgr - ok
12:55:38.0437 0644 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:55:38.0593 0644 ParVdm - ok
12:55:38.0593 0644 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:55:38.0703 0644 PCI - ok
12:55:38.0703 0644 PCIDump - ok
12:55:38.0734 0644 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:55:38.0890 0644 PCIIde - ok
12:55:38.0921 0644 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:55:39.0015 0644 Pcmcia - ok
12:55:39.0015 0644 PDCOMP - ok
12:55:39.0046 0644 PDFRAME - ok
12:55:39.0062 0644 PDRELI - ok
12:55:39.0062 0644 PDRFRAME - ok
12:55:39.0062 0644 perc2 - ok
12:55:39.0078 0644 perc2hib - ok
12:55:39.0281 0644 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
12:55:39.0328 0644 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
12:55:39.0328 0644 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
12:55:39.0375 0644 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:55:39.0421 0644 PlugPlay - ok
12:55:39.0421 0644 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:55:39.0531 0644 PolicyAgent - ok
12:55:39.0562 0644 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:55:39.0671 0644 PptpMiniport - ok
12:55:39.0687 0644 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
12:55:39.0812 0644 Processor - ok
12:55:39.0812 0644 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:55:39.0921 0644 ProtectedStorage - ok
12:55:39.0921 0644 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:55:40.0031 0644 PSched - ok
12:55:40.0062 0644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:55:40.0218 0644 Ptilink - ok
12:55:40.0281 0644 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:55:40.0281 0644 PxHelp20 - ok
12:55:40.0296 0644 ql1080 - ok
12:55:40.0296 0644 Ql10wnt - ok
12:55:40.0296 0644 ql12160 - ok
12:55:40.0312 0644 ql1240 - ok
12:55:40.0312 0644 ql1280 - ok
12:55:40.0343 0644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:55:40.0484 0644 RasAcd - ok
12:55:40.0531 0644 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:55:40.0640 0644 RasAuto - ok
12:55:40.0656 0644 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:55:40.0765 0644 Rasl2tp - ok
12:55:40.0812 0644 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:55:40.0921 0644 RasMan - ok
12:55:40.0937 0644 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:55:41.0046 0644 RasPppoe - ok
12:55:41.0046 0644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:55:41.0187 0644 Raspti - ok
12:55:41.0218 0644 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:55:41.0312 0644 Rdbss - ok
12:55:41.0359 0644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:55:41.0500 0644 RDPCDD - ok
12:55:41.0531 0644 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:55:41.0609 0644 RDPWD - ok
12:55:41.0656 0644 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:55:41.0765 0644 RDSessMgr - ok
12:55:41.0812 0644 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:55:41.0921 0644 redbook - ok
12:55:41.0953 0644 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:55:42.0078 0644 RemoteAccess - ok
12:55:42.0218 0644 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Programme\Cyberlink\Shared files\RichVideo.exe
12:55:42.0234 0644 RichVideo - ok
12:55:42.0281 0644 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:55:42.0359 0644 rimmptsk - ok
12:55:42.0359 0644 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:55:42.0406 0644 rimsptsk - ok
12:55:42.0406 0644 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:55:42.0437 0644 rismxdp - ok
12:55:42.0437 0644 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
12:55:42.0562 0644 RpcLocator - ok
12:55:42.0625 0644 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:55:42.0687 0644 RpcSs - ok
12:55:42.0703 0644 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
12:55:42.0843 0644 RSVP - ok
12:55:42.0890 0644 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:55:42.0968 0644 RTLE8023xp - ok
12:55:43.0000 0644 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:55:43.0093 0644 SamSs - ok
12:55:43.0125 0644 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:55:43.0234 0644 SCardSvr - ok
12:55:43.0296 0644 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:55:43.0406 0644 Schedule - ok
12:55:43.0437 0644 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:55:43.0546 0644 sdbus - ok
12:55:43.0578 0644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:55:43.0687 0644 Secdrv - ok
12:55:43.0718 0644 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:55:43.0843 0644 seclogon - ok
12:55:43.0843 0644 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:55:43.0968 0644 SENS - ok
12:55:43.0984 0644 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
12:55:44.0093 0644 Serial - ok
12:55:44.0156 0644 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
12:55:44.0265 0644 sffdisk - ok
12:55:44.0265 0644 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
12:55:44.0375 0644 sffp_sd - ok
12:55:44.0421 0644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:55:44.0531 0644 Sfloppy - ok
12:55:44.0578 0644 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:55:44.0593 0644 ShellHWDetection - ok
12:55:44.0609 0644 Simbad - ok
12:55:44.0640 0644 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:55:44.0750 0644 SLIP - ok
12:55:44.0750 0644 Sparrow - ok
12:55:44.0765 0644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:55:44.0875 0644 splitter - ok
12:55:44.0921 0644 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:55:45.0000 0644 Spooler - ok
12:55:45.0031 0644 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:55:45.0125 0644 sr - ok
12:55:45.0187 0644 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
12:55:45.0296 0644 srservice - ok
12:55:45.0312 0644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:55:45.0359 0644 Srv - ok
12:55:45.0421 0644 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:55:45.0531 0644 SSDPSRV - ok
12:55:45.0578 0644 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:55:45.0703 0644 stisvc - ok
12:55:45.0734 0644 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:55:45.0859 0644 streamip - ok
12:55:45.0859 0644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:55:45.0984 0644 swenum - ok
12:55:46.0000 0644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:55:46.0109 0644 swmidi - ok
12:55:46.0109 0644 SwPrv - ok
12:55:46.0109 0644 symc810 - ok
12:55:46.0125 0644 symc8xx - ok
12:55:46.0125 0644 sym_hi - ok
12:55:46.0125 0644 sym_u3 - ok
12:55:46.0140 0644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:55:46.0250 0644 sysaudio - ok
12:55:46.0296 0644 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:55:46.0406 0644 SysmonLog - ok
12:55:46.0453 0644 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:55:46.0578 0644 TapiSrv - ok
12:55:46.0640 0644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:55:46.0703 0644 Tcpip - ok
12:55:46.0718 0644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:55:46.0843 0644 TDPIPE - ok
12:55:46.0859 0644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:55:46.0984 0644 TDTCP - ok
12:55:47.0000 0644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:55:47.0093 0644 TermDD - ok
12:55:47.0125 0644 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:55:47.0234 0644 TermService - ok
12:55:47.0296 0644 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:55:47.0312 0644 Themes - ok
12:55:47.0312 0644 TosIde - ok
12:55:47.0328 0644 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:55:47.0453 0644 TrkWks - ok
12:55:47.0500 0644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:55:47.0625 0644 Udfs - ok
12:55:47.0625 0644 ultra - ok
12:55:47.0671 0644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:55:47.0828 0644 Update - ok
12:55:47.0843 0644 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:55:47.0968 0644 upnphost - ok
12:55:47.0984 0644 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:55:48.0093 0644 UPS - ok
12:55:48.0140 0644 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:55:48.0250 0644 usbccgp - ok
12:55:48.0265 0644 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:55:48.0390 0644 usbehci - ok
12:55:48.0390 0644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:55:48.0515 0644 usbhub - ok
12:55:48.0562 0644 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:55:48.0671 0644 usbohci - ok
12:55:48.0718 0644 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:55:48.0812 0644 usbprint - ok
12:55:48.0843 0644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:55:48.0953 0644 USBSTOR - ok
12:55:48.0968 0644 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:55:49.0062 0644 usbvideo - ok
12:55:49.0078 0644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:55:49.0171 0644 VgaSave - ok
12:55:49.0187 0644 ViaIde - ok
12:55:49.0234 0644 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:55:49.0343 0644 VolSnap - ok
12:55:49.0390 0644 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:55:49.0500 0644 VSS - ok
12:55:49.0531 0644 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:55:49.0656 0644 W32Time - ok
12:55:49.0671 0644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:55:49.0765 0644 Wanarp - ok
12:55:49.0781 0644 WDICA - ok
12:55:49.0796 0644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:55:49.0906 0644 wdmaud - ok
12:55:49.0921 0644 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:55:50.0031 0644 WebClient - ok
12:55:50.0140 0644 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:55:50.0250 0644 winmgmt - ok
12:55:50.0359 0644 WinRM (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
12:55:50.0531 0644 WinRM - ok
12:55:50.0546 0644 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:55:50.0625 0644 WmdmPmSN - ok
12:55:50.0671 0644 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:55:50.0781 0644 WmiApSrv - ok
12:55:50.0953 0644 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
12:55:51.0031 0644 WMPNetworkSvc - ok
12:55:51.0078 0644 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:55:51.0265 0644 WS2IFSL - ok
12:55:51.0312 0644 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:55:51.0406 0644 wscsvc - ok
12:55:51.0406 0644 WSearch - ok
12:55:51.0437 0644 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:55:51.0562 0644 WSTCODEC - ok
12:55:51.0593 0644 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:55:51.0703 0644 wuauserv - ok
12:55:51.0750 0644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:55:51.0781 0644 WudfPf - ok
12:55:51.0796 0644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:55:51.0812 0644 WudfRd - ok
12:55:51.0843 0644 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:55:51.0875 0644 WudfSvc - ok
12:55:51.0953 0644 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:55:52.0078 0644 WZCSVC - ok
12:55:52.0109 0644 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:55:52.0250 0644 xmlprov - ok
12:55:52.0281 0644 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:55:52.0781 0644 \Device\Harddisk0\DR0 - ok
12:55:52.0781 0644 Boot (0x1200) (8d2bd4112c18cb9293cc92ab42a82c75) \Device\Harddisk0\DR0\Partition0
12:55:52.0781 0644 \Device\Harddisk0\DR0\Partition0 - ok
12:55:52.0781 0644 ============================================================
12:55:52.0781 0644 Scan finished
12:55:52.0781 0644 ============================================================
12:55:52.0906 3696 Detected object count: 7
12:55:52.0906 3696 Actual detected object count: 7
12:55:54.0453 3696 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:54.0453 3696 CXPLRCAP ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 CXPLRCAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:54.0453 3696 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:54.0453 3696 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:54.0453 3696 MGHwCtrl ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 MGHwCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:54.0453 3696 NishService ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 NishService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:54.0453 3696 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:54.0453 3696 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von Xaphox (09.08.2012 um 10:56 Uhr) Grund: Log Files anonymisiert |
|
09.08.2012, 12:45
| #8 |
| | Live Security Premium - Absturz im abgesicherten Modus Hi, erstelle und poste ein neues OTL-Log, mal sehen ob noch was da ist... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
09.08.2012, 13:19
| #9 | |
| | Live Security Premium - Absturz im abgesicherten Modus Hab inzwischen einen MAM-Scan gemacht: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.08.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Astrid.Bo :: ASTRID [Administrator] Schutz: Aktiviert 09.08.2012 13:41:13 mbam-log-2012-08-09 (13-41-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 278384 Laufzeit: 35 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Und hier der Quickscan von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2012 15:19:31 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\Astrid.Bo\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,06% Memory free 3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 129,24 Gb Free Space | 86,71% Space Free | Partition Type: NTFS Computer Name: ASTRID | User Name: Astrid.Bo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.08 16:50:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.10.19 16:04:00 | 000,180,224 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe ========== Modules (No Company Name) ========== MOD - [2012.06.23 13:00:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.06.23 13:00:08 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012.06.13 19:26:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.13 08:05:38 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.13 08:05:26 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.13 08:03:38 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.06.13 08:03:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.10 15:08:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.10 07:36:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 22:25:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 22:25:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2011.10.23 18:01:13 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2741.38382__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2741.38613__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2741.38339__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2741.38605__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2741.38561__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2741.38374__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2741.38359__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.10.23 18:01:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2741.38641__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2741.38570__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2741.38648__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2741.38389__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2741.38576__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2741.38352__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2741.38569__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.10.23 18:00:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2741.38388__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2011.10.23 18:00:52 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2741.38508__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2741.38591__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.10.23 18:00:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2741.38606__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2741.38411__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2741.38501__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2741.38360__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2741.38493__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.10.23 18:00:51 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2741.38404__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2700.34750__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.10.23 18:00:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2700.34713__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.10.23 18:00:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2700.34709__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2700.34708__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.10.23 18:00:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2741.38620_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2011.10.23 18:00:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2741.38672__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.10.23 18:00:44 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2741.38329__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.10.23 18:00:43 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2741.38368__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.10.23 18:00:43 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2741.38620__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.10.23 18:00:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2741.38628__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2741.38331__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.10.23 18:00:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2741.38626__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 001,503,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2741.38347__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.10.23 18:00:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2741.38331__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2741.38331__90ba9c70f846762e\APM.Server.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2741.38330__90ba9c70f846762e\AEM.Server.dll MOD - [2011.10.23 18:00:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2741.38627__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.10.23 18:00:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2700.34740__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.08.08 15:41:24 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\MGHwCtrl.dll MOD - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.03 18:01:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.29 18:50:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.23 21:28:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart) SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.18 15:40:44 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2011.10.16 19:09:40 | 000,188,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CxPlrCap.sys -- (CXPLRCAP) DRV - [2009.11.27 15:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.09.07 18:59:16 | 001,584,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008.04.13 21:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.08.08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.18 19:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.04 21:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7OPCH_deDE458 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 18:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Mozilla\Extensions [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2012.06.27 21:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Mozilla\Firefox\Profiles\28uz4g5l.default\extensions [2012.04.15 14:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.29 18:50:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340449039000 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE1132E-F712-4BCF-8E88-9682CF39B8BB}: DhcpNameServer = 192.168.99.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.23 16:21:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.09 13:17:38 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.08.09 10:16:34 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.08.09 10:14:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.08.09 10:14:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.08.09 10:14:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.08.09 10:14:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.08.09 10:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.09 10:12:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2012.08.09 10:12:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.08.08 21:08:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\Recent [2012.08.08 17:18:21 | 004,727,758 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\ComboFix.exe [2012.08.08 17:15:07 | 000,000,000 | ---D | C] -- C:\TDSSkiller [2012.08.08 16:53:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.08 16:50:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\OTL.exe [2012.08.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.08 14:10:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.08 10:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.08.08 10:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.08.07 23:29:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\IPM [2012.08.07 22:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:06:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2008 [2012.07.28 15:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.07.23 08:21:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\Startmenü\Programme\Verwaltung [1 C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.09 15:17:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.09 14:01:18 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.09 12:56:55 | 004,727,758 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\ComboFix.exe [2012.08.09 12:56:22 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\Netzwerk-Festplatte.lnk [2012.08.09 10:16:38 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012.08.08 21:13:56 | 000,003,034 | ---- | M] () -- C:\Programme\cc.xml [2012.08.08 21:09:48 | 000,260,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\cc_20120808_210943.reg [2012.08.08 18:54:25 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\tqvnh0zs.exe [2012.08.08 16:50:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\OTL.exe [2012.08.08 15:54:29 | 000,512,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.08 14:10:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\defogger_reenable [2012.08.07 20:10:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.04 18:43:41 | 000,000,534 | ---- | M] () -- C:\WINDOWS\wiso.ini [2012.08.03 19:25:28 | 000,016,945 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.07.24 19:15:08 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk [2012.07.17 20:22:55 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 20:22:53 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.16 23:12:45 | 000,068,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.09 10:16:38 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012.08.09 10:16:35 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.08.09 10:14:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.08.09 10:14:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.08.09 10:14:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.08.09 10:14:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.08.09 10:14:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.08.08 21:09:46 | 000,260,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\cc_20120808_210943.reg [2012.08.08 18:54:24 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\tqvnh0zs.exe [2012.08.08 14:10:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\defogger_reenable [2012.08.03 19:25:28 | 000,016,945 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.06.23 14:07:54 | 000,003,034 | ---- | C] () -- C:\Programme\cc.xml [2012.05.18 15:35:47 | 000,010,261 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2012.04.20 18:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.16 23:28:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.05 12:05:29 | 000,016,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\merlinD.bin [2012.02.05 12:05:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2011.12.22 18:46:19 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.11.28 21:39:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini [2011.10.25 21:38:01 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.23 21:04:23 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.10.23 21:04:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.10.23 21:00:26 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011.10.23 21:00:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011.10.23 21:00:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2011.10.23 20:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011.10.23 20:57:16 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011.10.23 20:44:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.10.23 20:17:33 | 000,787,208 | ---- | C] () -- C:\Programme\CleverCleaner.exe [2011.10.23 18:08:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.10.23 18:05:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.10.23 17:54:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2011.10.23 17:54:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2011.10.23 17:54:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.10.23 17:40:35 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.10.23 17:40:34 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.10.23 16:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.23 16:51:04 | 000,512,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.23 16:23:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.23 16:18:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== LOP Check ========== [2012.08.08 22:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.08.03 21:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.04.06 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.10.25 22:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.10.25 22:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.10.23 20:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.02.05 11:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.12.22 18:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Buhl Data Service [2012.04.06 18:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\elsterformular [2012.02.13 00:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Haufe Mediengruppe [2011.11.17 10:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\ICAClient [2011.10.25 22:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Lexware [2011.11.19 10:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\OpenCandy [2012.03.11 11:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\ScanSoft [2012.06.23 13:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Windows Desktop Search [2012.06.23 13:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > Keine Ahnung, warum meine neuen Posts alle in einem Posting auftauchen. Hab da wohl einen Button falsch gedrückt... Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2012 15:19:31 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\Astrid.Bo\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,06% Memory free 3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 129,24 Gb Free Space | 86,71% Space Free | Partition Type: NTFS Computer Name: ASTRID | User Name: Astrid.Bo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.08 16:50:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.10.19 16:04:00 | 000,180,224 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe ========== Modules (No Company Name) ========== MOD - [2012.06.23 13:00:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.06.23 13:00:08 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012.06.13 19:26:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.13 08:05:38 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.13 08:05:26 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.13 08:03:38 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.06.13 08:03:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.10 15:08:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.10 07:36:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 22:25:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 22:25:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2011.10.23 18:01:13 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2741.38382__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2741.38613__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2741.38339__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2741.38605__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2741.38561__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2741.38374__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2741.38396__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.10.23 18:01:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2741.38359__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.10.23 18:01:12 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2741.38641__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2741.38570__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2741.38648__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2741.38389__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2741.38576__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.10.23 18:00:53 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2741.38352__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2741.38569__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.10.23 18:00:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2741.38388__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2011.10.23 18:00:52 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2741.38508__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2741.38591__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.10.23 18:00:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.2741.38654__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2741.38606__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2741.38411__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2741.38501__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2741.38360__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2741.38493__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.10.23 18:00:51 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2741.38404__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.10.23 18:00:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2741.38500__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2741.38418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2741.38507__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2741.38527__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2741.38548__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.10.23 18:00:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2700.34750__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.10.23 18:00:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.10.23 18:00:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.10.23 18:00:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.10.23 18:00:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2700.34713__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.10.23 18:00:50 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.10.23 18:00:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2700.34709__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2700.34708__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.10.23 18:00:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.10.23 18:00:49 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.10.23 18:00:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2741.38620_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2011.10.23 18:00:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2741.38672__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.10.23 18:00:44 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2741.38329__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.10.23 18:00:43 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2741.38368__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.10.23 18:00:43 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2741.38620__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.10.23 18:00:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2741.38628__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2741.38331__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.10.23 18:00:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2741.38626__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.10.23 18:00:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.10.23 18:00:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 001,503,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2741.38347__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.10.23 18:00:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2741.38331__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2741.38331__90ba9c70f846762e\APM.Server.dll MOD - [2011.10.23 18:00:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2741.38330__90ba9c70f846762e\AEM.Server.dll MOD - [2011.10.23 18:00:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2741.38627__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.10.23 18:00:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.10.23 18:00:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2700.34740__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.08.08 15:41:24 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\MGHwCtrl.dll MOD - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.03 18:01:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.29 18:50:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.23 21:28:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart) SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.18 15:40:44 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2011.10.16 19:09:40 | 000,188,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CxPlrCap.sys -- (CXPLRCAP) DRV - [2009.11.27 15:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.09.07 18:59:16 | 001,584,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008.04.13 21:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.08.08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.18 19:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.04 21:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{5A19F5FE-0304-4F04-A01F-A94D8FF9CF2F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7OPCH_deDE458 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 18:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Mozilla\Extensions [2012.02.13 00:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2012.06.27 21:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Mozilla\Firefox\Profiles\28uz4g5l.default\extensions [2012.04.15 14:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.29 18:50:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340449039000 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE1132E-F712-4BCF-8E88-9682CF39B8BB}: DhcpNameServer = 192.168.99.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.23 16:21:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.09 13:17:38 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.08.09 10:16:34 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.08.09 10:14:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.08.09 10:14:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.08.09 10:14:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.08.09 10:14:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.08.09 10:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.09 10:12:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2012.08.09 10:12:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.08.08 21:08:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\Recent [2012.08.08 17:18:21 | 004,727,758 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\ComboFix.exe [2012.08.08 17:15:07 | 000,000,000 | ---D | C] -- C:\TDSSkiller [2012.08.08 16:53:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.08 16:50:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\OTL.exe [2012.08.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.08.08 14:10:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.08 14:10:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.08 14:10:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.08 10:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.08.08 10:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.08.07 23:29:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\IPM [2012.08.07 22:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:06:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2008 [2012.07.28 15:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.07.23 08:21:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Astrid.Bo\Startmenü\Programme\Verwaltung [1 C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.09 15:17:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.09 14:01:18 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.09 12:56:55 | 004,727,758 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\ComboFix.exe [2012.08.09 12:56:22 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\Netzwerk-Festplatte.lnk [2012.08.09 10:16:38 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012.08.08 21:13:56 | 000,003,034 | ---- | M] () -- C:\Programme\cc.xml [2012.08.08 21:09:48 | 000,260,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\cc_20120808_210943.reg [2012.08.08 18:54:25 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\tqvnh0zs.exe [2012.08.08 16:50:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\OTL.exe [2012.08.08 15:54:29 | 000,512,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.08 14:10:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\defogger_reenable [2012.08.07 20:10:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.04 18:43:41 | 000,000,534 | ---- | M] () -- C:\WINDOWS\wiso.ini [2012.08.03 19:25:28 | 000,016,945 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.07.24 19:15:08 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk [2012.07.17 20:22:55 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 20:22:53 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.16 23:12:45 | 000,068,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.09 10:16:38 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012.08.09 10:16:35 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.08.09 10:14:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.08.09 10:14:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.08.09 10:14:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.08.09 10:14:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.08.09 10:14:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.08.08 21:09:46 | 000,260,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Eigene Dateien\cc_20120808_210943.reg [2012.08.08 18:54:24 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\tqvnh0zs.exe [2012.08.08 14:10:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 10:02:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\defogger_reenable [2012.08.03 19:25:28 | 000,016,945 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.pdf [2012.07.28 15:08:01 | 000,001,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer Hilfesammlung.lnk [2012.07.28 15:06:37 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2008.lnk [2012.06.23 14:07:54 | 000,003,034 | ---- | C] () -- C:\Programme\cc.xml [2012.05.18 15:35:47 | 000,010,261 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2012.04.20 18:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.16 23:28:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.05 12:05:29 | 000,016,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\merlinD.bin [2012.02.05 12:05:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2011.12.22 18:46:19 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.11.28 21:39:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini [2011.10.25 21:38:01 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Astrid.Bo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.23 21:04:23 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.10.23 21:04:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.10.23 21:00:26 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011.10.23 21:00:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011.10.23 21:00:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2011.10.23 20:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011.10.23 20:57:16 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011.10.23 20:44:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.10.23 20:17:33 | 000,787,208 | ---- | C] () -- C:\Programme\CleverCleaner.exe [2011.10.23 18:08:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.10.23 18:05:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.10.23 17:54:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2011.10.23 17:54:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2011.10.23 17:54:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2011.10.23 17:40:35 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.10.23 17:40:35 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.10.23 17:40:34 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.10.23 16:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.23 16:51:04 | 000,512,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.23 16:23:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.23 16:18:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== LOP Check ========== [2012.08.08 22:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E1926292433DE0043EC177B07D329 [2012.07.28 15:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.08.03 21:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.04.06 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.10.25 22:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.10.25 22:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.10.23 20:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.02.05 11:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.12.22 18:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Buhl Data Service [2012.04.06 18:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\elsterformular [2012.02.13 00:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Haufe Mediengruppe [2011.11.17 10:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\ICAClient [2011.10.25 22:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Lexware [2011.11.19 10:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\OpenCandy [2012.03.11 11:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\ScanSoft [2012.06.23 13:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Windows Desktop Search [2012.06.23 13:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Astrid.Bo\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > Ich hoffe, dass ich den Plagegeist endlich losgeworden bin... |
|
13.08.2012, 06:41
| #10 |
| | Live Security Premium - Absturz im abgesicherten Modus Hi, das sieht eigentlich gut aus, wir müssen noch etwas aufräumen... Combofix deinstallieren: Klicke auf Start (Windows 7 Start Button) und tippe dann in das Suchfeld combofix /uninstall, wie im Piktogram unter diesem Text mit dem blauen Pfeil. Bitte sicherstellen, dass ein Leerzeichen zwischen Combofix und /uninstall ist. Combofix deinstallieren  OLT, den Killer und das Verzeichnis C:\_OTL kannst Du löschen... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
13.08.2012, 20:37
| #11 |
| | Live Security Premium - Absturz im abgesicherten Modus Hab alles ausgeführt. Es gibt nur noch ein Problem: Die Windows-Firewall läst sich nicht aktivieren. Wenn ich auf das Symbol in der Taskleiste klicke und dann im Sicherheitscenter die Firewall aktivieren will, kommt die Meldung, dass das Sicherheitscenter die Firewall nicht aktivieren konnte und ich es manuell über die Systemsteuerung versuchen soll. Wähle ich dann in der Systemsteuerung "Windows Firewall" aus, kommt die Meldung "Aufgrund eines unbekannten Problems können die Einstellungen des Windows Firewalls nicht angezeigt werden". Hängt das noch mit dem besch.... Virus zusammen? |
|
14.08.2012, 06:38
| #12 |
| | Live Security Premium - Absturz im abgesicherten Modus Hi, ja, die "zerschießen bzw. löschen" die Firewalleinstellung samt Dienst! Probiere das hier mal aus (sollte auch mit SP3 klappen): Die XP-Firewall wieder aktivieren [Windows-Firewall/Gemeinsame Nutzung der Internetverbindung]: Tipparchiv - Windows XP SP2 Firewall Dienstprobleme - WinTotal.de bzw. Windows-Firewall in Windows XP SP 2 kann nicht gestartet werden chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
14.08.2012, 10:29
| #13 |
| | Live Security Premium - Absturz im abgesicherten Modus Hat geholfen!! Tausendmal danke!!!  |
|
| Themen zu Live Security Premium - Absturz im abgesicherten Modus |
| abgesicherte, abgesicherten, abgesicherten modus, absturz, automatisch, bildschirm, desktop, durchlauf, ebook, einfach, erschienen, freundin, gmer, live, loszuwerden, modus, netzwerk, netzwerktreiber, notebook, premium, rechner, scan, security, sekunden, vorgehen |
Linear-Darstellung
