| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Kritischer Fehler Festplatte - Daten weg - Nichts geht mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2011, 11:15
| #1 |
 |  Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Hallo liebe Forengemeinde, ich hatte plötzlich das Problem dass mein Laptop einen kritischen Fehler der Festplatte meldete und irgendsoein Diagnoseprogramm von Windows XP startete. Nichts ging mehr und mein Desktop war leer, meine Schnellstartleiste weg und im Explorer gab es keine Dateien mehr. Auch die Programme unter "Start" waren leer gefegt. Habe ein bisschen im Internet recherchiert und bin auf dieses Forum gestoßen. Ich habe bereits etwas vorbereitet: Vollscan Nr. 1 mit Malwarebytes in einem schon lange bestehenden anderen Benutzerkonto, das gar nicht benutzt wurde (hab leider immer im Adminkonto gearbeitet). Konnte nicht mehr im Adminbereich scannen, da er dann abstürzte: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6842 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12.06.2011 22:43:31 mbam-log-2011-06-12 (22-43-31).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 257202 Time elapsed: 55 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\osidfjklsdw (Trojan.SpyEyes) -> Quarantined and deleted successfully. Files Infected: c:\dokumente und einstellungen\all users\anwendungsdaten\15654692.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\anwendungsdaten\swpgvtldjxov.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\system volume information\_restore{391197e0-8c57-4c06-9c98-32e013c26e86}\RP141\A0079682.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\osidfjklsdw\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. Im Anschluss daran habe ich ins Adminkonto gewechselt und hab einen 2. Durchlauf durchgeführt: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6842 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 13.06.2011 10:27:35 mbam-log-2011-06-13 (10-27-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 257360 Laufzeit: 55 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\osidfjklsdw.exe (Trojan.SpyEyes) -> Value: osidfjklsdw.exe -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Danach habe ich mit OTL wie hier schon zigfach beschrieben gescannt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.06.2011 10:40:12 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,20% Memory free 4,84 Gb Paging File | 4,39 Gb Available in Paging File | 90,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 148,80 Gb Total Space | 90,16 Gb Free Space | 60,59% Space Free | Partition Type: NTFS Drive E: | 3,84 Gb Total Space | 1,94 Gb Free Space | 50,40% Space Free | Partition Type: FAT32 Computer Name: CHRIS | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.06 18:15:20 | 000,532,320 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe PRC - [2011.05.06 17:33:00 | 000,393,112 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.04.13 00:46:36 | 001,135,912 | -H-- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.03.04 16:08:22 | 000,099,720 | -H-- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | -H-- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.08.25 13:47:12 | 000,356,352 | -H-- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2006.08.02 00:38:30 | 000,802,816 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.02 00:32:44 | 000,696,320 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.08.02 00:27:54 | 000,479,232 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006.06.29 10:30:34 | 000,184,320 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe PRC - [2006.03.16 22:58:50 | 000,974,848 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe PRC - [2006.03.03 00:50:52 | 000,151,552 | -H-- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\Toshiba.exe PRC - [2006.02.07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2006.02.02 13:11:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.10.06 05:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.08.03 16:16:04 | 000,266,240 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005.08.03 16:15:50 | 000,040,960 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005.04.12 10:05:26 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.01.18 01:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | -H-- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2006.05.01 22:04:00 | 001,466,368 | -H-- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.05.01 22:04:00 | 000,311,296 | -H-- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsde.dll MOD - [2006.05.01 22:04:00 | 000,081,920 | -H-- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll ========== Win32 Services (SafeList) ========== SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.06 17:33:00 | 000,393,112 | -H-- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.03.04 16:08:22 | 002,106,760 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate) SRV - [2010.03.04 16:08:22 | 000,099,720 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2009.09.11 12:33:54 | 000,009,216 | -H-- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.11.09 22:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.02.07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 01:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 03:24:18 | 000,073,728 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 13:31:48 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.05.29 09:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009.06.29 18:00:50 | 000,112,640 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:00:50 | 000,102,656 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 13:38:30 | 000,102,400 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.10.09 13:50:04 | 000,018,816 | -H-- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2006.08.02 01:27:48 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.05.30 16:42:52 | 000,045,696 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006.05.05 16:13:52 | 004,271,616 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.22 08:56:24 | 001,522,688 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.12.13 18:08:44 | 001,124,097 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.11.30 19:12:00 | 000,162,560 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.11.28 10:45:16 | 000,007,040 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.10.20 14:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005.10.06 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.10.06 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.10.06 05:20:00 | 000,086,524 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.10.06 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.10.06 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.10.06 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.10.06 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.09.09 14:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005.08.25 12:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 12:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2003.09.19 01:47:00 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.01.29 23:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=697EF5D6-20F0-44C3-B0C6-5426A8E69AF0&apn_ptnrs=PV&apn_sauid=3BA00EFB-29C0-47B9-A571-814EE90EECC3&apn_dtid=YYYYYYYYDE&q=" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.12 09:39:48 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.02 16:31:13 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.30 23:23:32 | 000,000,000 | -H-D | M] [2010.06.05 18:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2010.06.05 18:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.12 15:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions [2010.09.17 23:04:24 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.05.31 16:03:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.21 21:50:32 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.13 18:33:46 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.30 17:49:02 | 000,002,396 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\askcom.xml [2010.12.22 18:07:49 | 000,000,873 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\conduit.xml [2011.02.20 21:40:56 | 000,001,583 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\web-search.xml [2010.09.17 23:22:45 | 000,001,196 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\winamp-search.xml [2011.06.12 16:05:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.02 14:59:56 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.06.12 16:05:12 | 000,000,000 | -H-D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2011.06.02 14:59:39 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.12 16:05:15 | 000,000,000 | -H-D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF [2011.06.02 14:59:39 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.07.31 15:26:41 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.31 15:26:41 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.31 15:26:41 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.31 15:26:41 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.31 15:26:41 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [CFSServ.exe] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [SwPGvtLdJxoV] File not found O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.13 16:57:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - File not found MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 30 Days ========== [2011.06.12 20:44:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent [2011.06.12 16:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2011.06.12 16:23:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.06.12 16:23:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.06.12 16:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.06.12 16:23:23 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.06.12 16:23:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.12 16:21:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2011.06.12 16:21:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.12 16:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings [2011.06.12 16:05:08 | 000,000,000 | -H-D | C] -- C:\Programme\Application Updater [2011.06.12 16:05:07 | 000,000,000 | -H-D | C] -- C:\Programme\pdfforge Toolbar [2011.06.12 15:46:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows XP Restore [2011.06.12 15:32:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2011.06.10 17:53:17 | 000,000,000 | -H-D | C] -- C:\Programme\mp3DirectCut [2011.06.03 10:30:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Yahoo [2011.06.03 10:22:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion [2011.06.03 10:22:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo! [2011.06.03 10:22:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Yahoo! Messenger [2011.06.03 10:22:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! [2011.06.03 10:19:20 | 000,000,000 | -H-D | C] -- C:\Programme\Yahoo! [2011.06.02 15:06:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2011.06.02 15:04:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer [2011.06.02 15:04:08 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Haufe [2011.06.02 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2010 [2011.06.02 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lexware [2011.06.02 15:02:11 | 000,000,000 | -H-D | C] -- C:\Programme\Lexware [2011.06.02 15:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.06.02 15:00:26 | 000,000,000 | -H-D | C] -- C:\Programme\Haufe [2011.06.02 15:00:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.06.02 14:57:11 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Lexware [2011.06.02 14:57:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Lexware [2011.06.02 13:43:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader 5.0 [2011.06.02 13:43:05 | 000,000,000 | -H-D | C] -- C:\Programme\Foxit Software [2011.06.02 11:43:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Steuererklärung2010 [2011.06.02 11:24:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Adobe [2011.05.31 16:19:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2011.05.31 16:19:02 | 000,000,000 | -H-D | C] -- C:\Programme\Recuva [2011.05.31 16:18:28 | 002,451,576 | -H-- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Admin\Desktop\rcsetup1.40.525.exe [2011.05.22 14:43:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2006.09.14 11:48:14 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.13 10:30:07 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.06.13 10:29:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.06.13 10:29:48 | 3219,181,568 | -HS- | M] () -- C:\hiberfil.sys [2011.06.13 10:01:00 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011.06.13 09:54:00 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2011.06.12 16:14:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.12 15:46:18 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r [2011.06.12 15:46:18 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 [2011.06.12 15:46:17 | 000,000,827 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk [2011.06.12 15:46:15 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 [2011.06.12 15:26:27 | 000,045,378 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.06.12 15:23:20 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.06.10 17:53:18 | 000,000,702 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\mp3DirectCut.lnk [2011.06.02 14:58:58 | 000,459,340 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.06.02 14:58:58 | 000,441,458 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.06.02 14:58:58 | 000,084,676 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.06.02 14:58:58 | 000,071,394 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.06.02 11:25:55 | 000,046,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.31 16:18:36 | 002,451,576 | -H-- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Admin\Desktop\rcsetup1.40.525.exe [2011.05.30 13:35:35 | 000,086,280 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Whiskybestellung_Spanien_300511.pdf [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.05.24 20:48:18 | 000,185,016 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.05.24 19:00:12 | 000,121,346 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.16 21:19:04 | 000,039,007 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\NichtLustig_PU.jpg [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.12 15:46:18 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r [2011.06.12 15:46:18 | 000,000,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 [2011.06.12 15:46:17 | 000,000,827 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk [2011.06.12 15:46:15 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 [2011.06.10 17:53:18 | 000,000,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\mp3DirectCut.lnk [2011.05.30 13:35:32 | 000,086,280 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Whiskybestellung_Spanien_300511.pdf [2011.05.24 19:00:10 | 000,121,346 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.16 21:19:20 | 000,039,007 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\NichtLustig_PU.jpg [2011.02.20 19:55:31 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.09.11 17:41:31 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\System32\wsodsini.dll [2010.08.29 19:23:57 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2010.05.29 19:13:36 | 000,046,592 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.29 14:36:17 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.25 21:11:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.21 19:10:37 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.06.16 13:25:02 | 000,121,512 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2006.09.14 18:34:45 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.09.14 18:34:44 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.09.14 18:34:43 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.09.14 18:34:43 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.09.14 18:34:41 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll [2006.09.14 18:34:41 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.09.14 18:34:38 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.09.14 18:34:38 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.09.14 18:34:37 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.09.14 18:34:26 | 000,121,995 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006.09.14 14:30:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.14 14:14:50 | 000,000,562 | -H-- | C] () -- C:\WINDOWS\TBTdetect.ini [2006.09.14 13:54:01 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2006.09.14 13:50:38 | 000,127,184 | -H-- | C] () -- C:\WINDOWS\Unwise.exe [2006.09.14 12:18:00 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\wininit.ini [2006.09.14 12:10:35 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.09.14 12:10:34 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.09.14 12:10:34 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.09.14 12:10:34 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.09.14 12:10:34 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.09.14 12:10:34 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.09.14 11:57:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI [2006.09.14 11:56:57 | 000,036,736 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006.09.14 11:56:57 | 000,029,184 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006.09.14 11:48:14 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2006.09.14 11:40:34 | 000,010,161 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.09.14 11:40:34 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.09.14 11:40:33 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.09.14 11:40:33 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll [2006.09.14 11:38:34 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2006.09.14 11:38:34 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2006.09.14 11:38:32 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.09.14 11:38:32 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.09.13 17:48:16 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.13 17:47:28 | 000,185,016 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.09.13 17:00:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.09.13 16:53:35 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.09.13 16:41:43 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\MakeMrk.exe [2006.09.13 16:41:43 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.09.13 16:41:43 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.09.13 16:41:31 | 000,459,340 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.09.13 16:41:31 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.09.13 16:41:31 | 000,084,676 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.09.13 16:41:31 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.09.13 16:40:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.09.13 16:40:53 | 000,441,458 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.09.13 16:40:53 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.09.13 16:40:53 | 000,071,394 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.09.13 16:40:53 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.09.13 16:40:52 | 000,004,631 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.09.13 16:40:50 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.09.13 16:40:47 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2006.09.13 16:40:42 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.09.13 16:40:42 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2006.09.13 16:40:37 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.09.13 16:40:28 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.01.30 23:15:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini [2005.09.02 14:44:00 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 14:26:04 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 21:30:00 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 17:04:00 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 14:43:00 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== LOP Check ========== [2010.11.01 17:08:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2011.04.14 21:42:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.11.08 16:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2011.06.12 15:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.11.26 18:06:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2011.05.29 22:01:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ [2010.11.07 23:28:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo [2011.06.03 21:15:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2011.05.22 14:43:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2010.09.12 11:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2011.02.20 21:44:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge [2010.09.06 21:19:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.05.12 21:30:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong [2011.06.12 16:05:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings [2010.06.05 18:43:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba [2010.10.12 09:40:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vodafone [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2010.10.21 16:59:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\XnView [2010.07.19 17:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.06.11 17:55:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.06.02 15:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.06.03 21:20:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.05.31 15:46:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.10.12 09:39:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.06.13 10:01:00 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.11.01 17:08:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2010.05.27 23:22:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe [2010.07.04 21:32:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeUM [2006.09.20 10:11:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ATI [2010.05.29 23:25:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DivX [2010.07.05 12:29:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\dvdcss [2011.04.14 21:42:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.11.08 16:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2010.10.12 21:07:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FLEXnet [2011.06.12 15:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.08.18 21:38:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google [2010.11.26 18:06:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2011.05.29 22:01:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities [2010.05.21 19:12:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Intel [2010.11.07 23:28:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo [2011.06.03 21:15:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2010.05.25 21:10:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia [2011.06.12 16:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2010.10.09 17:56:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft [2010.05.25 21:11:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla [2011.05.22 14:43:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2010.09.12 11:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2011.02.20 21:44:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge [2010.09.06 21:19:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.05.12 21:30:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong [2011.06.12 16:05:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sonic [2010.05.28 19:35:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun [2010.06.05 18:43:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba [2011.06.02 11:26:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc [2010.10.12 09:40:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vodafone [2010.09.18 08:17:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Winamp [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2010.10.21 16:59:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\XnView [2011.06.03 10:23:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2011.05.22 14:43:06 | 000,827,368 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.09.13 18:46:55 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.09.13 18:46:55 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.09.13 18:46:54 | 000,434,176 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:63238B95 < End of report > Dazu gab es noch diese Datei ("Extras"):OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.06.2011 10:40:12 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,20% Memory free
4,84 Gb Paging File | 4,39 Gb Available in Paging File | 90,53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,80 Gb Total Space | 90,16 Gb Free Space | 60,59% Space Free | Partition Type: NTFS
Drive E: | 3,84 Gb Total Space | 1,94 Gb Free Space | 50,40% Space Free | Partition Type: FAT32
Computer Name: CHRIS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300" = Canon iP3300
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"FileZilla Client" = FileZilla Client 3.2.7.1
"Foxit Reader_is1" = Foxit Reader 5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Recover My Files_is1" = Recover My Files
"Recuva" = Recuva
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Tournament Director" = The Tournament Director
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.06.2011 16:44:04 | Computer Name = CHRIS | Source = nview_info | ID = 11141121
Description =
Error - 12.06.2011 16:45:47 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 12.06.2011 16:45:48 | Computer Name = CHRIS | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 12.06.2011 16:46:15 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 12.06.2011 16:53:22 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 12.06.2011 16:53:23 | Computer Name = CHRIS | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 13.06.2011 04:28:28 | Computer Name = CHRIS | Source = nview_info | ID = 11141121
Description =
Error - 13.06.2011 04:30:05 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 13.06.2011 04:30:09 | Computer Name = CHRIS | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 13.06.2011 04:30:44 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
[ OSession Events ]
Error - 03.11.2010 09:22:35 | Computer Name = CHRIS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1533
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12.06.2011 14:52:07 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 12.06.2011 14:52:18 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 12.06.2011 16:45:45 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 12.06.2011 16:45:49 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 12.06.2011 16:53:20 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 12.06.2011 16:53:24 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 13.06.2011 04:30:06 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 13.06.2011 04:30:09 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 13.06.2011 04:41:32 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 13.06.2011 04:41:32 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
< End of report >
Könnt Ihr mir helfen und ggf. Tipps geben? Vielen Dank Christian |
|
14.06.2011, 11:04
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehrZitat:
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.
__________________ |
|
15.06.2011, 13:37
| #3 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Leider funktioniert immer noch nichts. Ich sehe einen schwarzen Desktop. Die Taskleiste ist auch zu sehen, aber unter Start ist der Programmordner leer und auch die ganze Festplatte wird ohne Dateien angezeigt. Im Grunde sind alle Daten verloren....
__________________Wer kann mir bitte helfen.... |
|
15.06.2011, 14:13
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Ich hab auch nicht geschrieben, dass dann wieder alles in Ordnung sei... Erstell bitte ein frisches OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.06.2011, 17:30
| #5 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr So, hab jetzt mal alle "Toolbars" gelöscht, so weit es mir möglich war. Dann erneut mit OTL wie gewünscht gescannt. Hier das Ergebnis: Code:
ATTFilter OTL logfile created on: 15.06.2011 18:18:05 - Run 2 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,14% Memory free 4,84 Gb Paging File | 4,39 Gb Available in Paging File | 90,57% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 148,80 Gb Total Space | 90,04 Gb Free Space | 60,51% Space Free | Partition Type: NTFS Drive E: | 3,84 Gb Total Space | 1,94 Gb Free Space | 50,39% Space Free | Partition Type: FAT32 Computer Name: CHRIS | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.04.13 00:46:36 | 001,135,912 | -H-- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.03.04 16:08:22 | 000,099,720 | -H-- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | -H-- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.08.25 13:47:12 | 000,356,352 | -H-- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2006.08.02 00:38:30 | 000,802,816 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.02 00:32:44 | 000,696,320 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.08.02 00:27:54 | 000,479,232 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006.06.29 10:30:34 | 000,184,320 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe PRC - [2006.03.16 22:58:50 | 000,974,848 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe PRC - [2006.02.07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2006.02.02 13:11:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.10.06 05:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.08.03 16:16:04 | 000,266,240 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005.08.03 16:15:50 | 000,040,960 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005.05.13 11:01:30 | 000,118,784 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe PRC - [2005.04.12 10:05:26 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.01.18 01:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | -H-- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2006.05.01 22:04:00 | 001,466,368 | -H-- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.05.01 22:04:00 | 000,311,296 | -H-- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsde.dll MOD - [2006.05.01 22:04:00 | 000,081,920 | -H-- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll ========== Win32 Services (SafeList) ========== SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.03.04 16:08:22 | 002,106,760 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate) SRV - [2010.03.04 16:08:22 | 000,099,720 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2009.09.11 12:33:54 | 000,009,216 | -H-- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.11.09 22:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.02.07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 01:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 03:24:18 | 000,073,728 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 13:31:48 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.05.29 09:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009.06.29 18:00:50 | 000,112,640 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:00:50 | 000,102,656 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 13:38:30 | 000,102,400 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.10.09 13:50:04 | 000,018,816 | -H-- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2006.08.02 01:27:48 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.05.30 16:42:52 | 000,045,696 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006.05.05 16:13:52 | 004,271,616 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.22 08:56:24 | 001,522,688 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.12.13 18:08:44 | 001,124,097 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.11.30 19:12:00 | 000,162,560 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.11.28 10:45:16 | 000,007,040 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.10.20 14:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005.10.06 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.10.06 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.10.06 05:20:00 | 000,086,524 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.10.06 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.10.06 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.10.06 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.10.06 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.09.09 14:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005.08.25 12:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 12:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2003.09.19 01:47:00 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.01.29 23:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.12 09:39:48 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.02 16:31:13 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.30 23:23:32 | 000,000,000 | -H-D | M] [2010.06.05 18:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2010.06.05 18:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.12 15:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions [2010.09.17 23:04:24 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.05.31 16:03:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.21 21:50:32 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.13 18:33:46 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.30 17:49:02 | 000,002,396 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\askcom.xml [2010.12.22 18:07:49 | 000,000,873 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\conduit.xml [2011.02.20 21:40:56 | 000,001,583 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\web-search.xml [2010.09.17 23:22:45 | 000,001,196 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\winamp-search.xml [2011.06.15 14:41:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.02 14:59:56 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.06.02 14:59:39 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.02 14:59:39 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.07.31 15:26:41 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.31 15:26:41 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.31 15:26:41 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.31 15:26:41 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.31 15:26:41 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [CFSServ.exe] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [SwPGvtLdJxoV] File not found O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.13 16:57:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - File not found MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 30 Days ========== [2011.06.12 20:44:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent [2011.06.12 16:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2011.06.12 16:23:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.06.12 16:23:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.06.12 16:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.06.12 16:23:23 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.06.12 16:23:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.12 16:21:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2011.06.12 16:21:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.12 15:46:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows XP Restore [2011.06.12 15:32:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2011.06.10 17:53:17 | 000,000,000 | -H-D | C] -- C:\Programme\mp3DirectCut [2011.06.03 10:30:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Yahoo [2011.06.03 10:22:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo! [2011.06.03 10:22:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Yahoo! Messenger [2011.06.03 10:22:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! [2011.06.03 10:19:20 | 000,000,000 | -H-D | C] -- C:\Programme\Yahoo! [2011.06.02 15:06:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2011.06.02 15:04:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer [2011.06.02 15:04:08 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Haufe [2011.06.02 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2010 [2011.06.02 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lexware [2011.06.02 15:02:11 | 000,000,000 | -H-D | C] -- C:\Programme\Lexware [2011.06.02 15:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.06.02 15:00:26 | 000,000,000 | -H-D | C] -- C:\Programme\Haufe [2011.06.02 15:00:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.06.02 14:57:11 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Lexware [2011.06.02 14:57:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Lexware [2011.06.02 13:43:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader 5.0 [2011.06.02 13:43:05 | 000,000,000 | -H-D | C] -- C:\Programme\Foxit Software [2011.06.02 11:43:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Steuererklärung2010 [2011.06.02 11:24:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Adobe [2011.05.31 16:19:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2011.05.31 16:19:02 | 000,000,000 | -H-D | C] -- C:\Programme\Recuva [2011.05.31 16:18:28 | 002,451,576 | -H-- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Admin\Desktop\rcsetup1.40.525.exe [2011.05.22 14:43:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2006.09.14 11:48:14 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.15 18:09:28 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.06.15 18:09:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.06.15 18:09:12 | 3219,181,568 | -HS- | M] () -- C:\hiberfil.sys [2011.06.15 15:01:01 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011.06.15 14:54:00 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.06.15 14:33:53 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.06.13 20:49:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2011.06.12 16:14:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.12 15:46:18 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r [2011.06.12 15:46:18 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 [2011.06.12 15:46:17 | 000,000,827 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk [2011.06.12 15:46:15 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 [2011.06.12 15:26:27 | 000,045,378 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.06.10 17:53:18 | 000,000,702 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\mp3DirectCut.lnk [2011.06.02 14:58:58 | 000,459,340 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.06.02 14:58:58 | 000,441,458 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.06.02 14:58:58 | 000,084,676 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.06.02 14:58:58 | 000,071,394 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.06.02 11:25:55 | 000,046,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.31 16:18:36 | 002,451,576 | -H-- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Admin\Desktop\rcsetup1.40.525.exe [2011.05.30 13:35:35 | 000,086,280 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Whiskybestellung_Spanien_300511.pdf [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.05.24 20:48:18 | 000,185,016 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.05.24 19:00:12 | 000,121,346 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.16 21:19:04 | 000,039,007 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\NichtLustig_PU.jpg [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.12 15:46:18 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r [2011.06.12 15:46:18 | 000,000,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 [2011.06.12 15:46:17 | 000,000,827 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk [2011.06.12 15:46:15 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 [2011.06.10 17:53:18 | 000,000,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\mp3DirectCut.lnk [2011.05.30 13:35:32 | 000,086,280 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Whiskybestellung_Spanien_300511.pdf [2011.05.24 19:00:10 | 000,121,346 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.16 21:19:20 | 000,039,007 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\NichtLustig_PU.jpg [2011.02.20 19:55:31 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.09.11 17:41:31 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\System32\wsodsini.dll [2010.08.29 19:23:57 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2010.05.29 19:13:36 | 000,046,592 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.29 14:36:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.25 21:11:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.21 19:10:37 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.06.16 13:25:02 | 000,121,512 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2006.09.14 18:34:45 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.09.14 18:34:44 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.09.14 18:34:43 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.09.14 18:34:43 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.09.14 18:34:41 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll [2006.09.14 18:34:41 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.09.14 18:34:38 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.09.14 18:34:38 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.09.14 18:34:37 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.09.14 18:34:26 | 000,121,995 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006.09.14 14:30:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.14 14:14:50 | 000,000,562 | -H-- | C] () -- C:\WINDOWS\TBTdetect.ini [2006.09.14 13:54:01 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2006.09.14 13:50:38 | 000,127,184 | -H-- | C] () -- C:\WINDOWS\Unwise.exe [2006.09.14 12:18:00 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\wininit.ini [2006.09.14 12:10:35 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.09.14 12:10:34 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.09.14 12:10:34 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.09.14 12:10:34 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.09.14 12:10:34 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.09.14 12:10:34 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.09.14 11:57:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI [2006.09.14 11:56:57 | 000,036,736 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006.09.14 11:56:57 | 000,029,184 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006.09.14 11:48:14 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2006.09.14 11:40:34 | 000,010,161 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.09.14 11:40:34 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.09.14 11:40:33 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.09.14 11:40:33 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll [2006.09.14 11:38:34 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2006.09.14 11:38:34 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2006.09.14 11:38:32 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.09.14 11:38:32 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.09.13 17:48:16 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.13 17:47:28 | 000,185,016 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.09.13 17:00:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.09.13 16:53:35 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.09.13 16:41:43 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\MakeMrk.exe [2006.09.13 16:41:43 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.09.13 16:41:43 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.09.13 16:41:31 | 000,459,340 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.09.13 16:41:31 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.09.13 16:41:31 | 000,084,676 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.09.13 16:41:31 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.09.13 16:40:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.09.13 16:40:53 | 000,441,458 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.09.13 16:40:53 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.09.13 16:40:53 | 000,071,394 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.09.13 16:40:53 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.09.13 16:40:52 | 000,004,631 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.09.13 16:40:50 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.09.13 16:40:47 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2006.09.13 16:40:42 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.09.13 16:40:42 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2006.09.13 16:40:37 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.09.13 16:40:28 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.01.30 23:15:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini [2005.09.02 14:44:00 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 14:26:04 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 21:30:00 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 17:04:00 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 14:43:00 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== LOP Check ========== [2010.11.01 17:08:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2011.04.14 21:42:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.11.08 16:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2011.06.12 15:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.11.26 18:06:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2011.05.29 22:01:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ [2010.11.07 23:28:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo [2011.06.03 21:15:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2011.05.22 14:43:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2010.09.12 11:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2010.09.06 21:19:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.06.15 14:43:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong [2010.06.05 18:43:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba [2010.10.12 09:40:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vodafone [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2010.10.21 16:59:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\XnView [2010.07.19 17:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.06.11 17:55:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.06.02 15:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.06.03 21:20:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.05.31 15:46:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.10.12 09:39:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.06.15 15:01:01 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.11.01 17:08:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2010.05.27 23:22:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe [2010.07.04 21:32:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeUM [2006.09.20 10:11:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ATI [2010.05.29 23:25:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DivX [2010.07.05 12:29:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\dvdcss [2011.04.14 21:42:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.11.08 16:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2010.10.12 21:07:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FLEXnet [2011.06.12 15:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.08.18 21:38:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google [2010.11.26 18:06:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2011.05.29 22:01:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities [2010.05.21 19:12:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Intel [2010.11.07 23:28:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo [2011.06.03 21:15:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2010.05.25 21:10:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia [2011.06.12 16:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2010.10.09 17:56:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft [2010.05.25 21:11:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla [2011.05.22 14:43:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2010.09.12 11:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2010.09.06 21:19:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.06.15 14:43:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sonic [2010.05.28 19:35:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun [2010.06.05 18:43:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba [2011.06.02 11:26:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc [2010.10.12 09:40:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vodafone [2010.09.18 08:17:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Winamp [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2010.10.21 16:59:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\XnView [2011.06.15 14:44:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2011.05.22 14:43:06 | 000,827,368 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.09.13 18:46:55 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.09.13 18:46:55 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.09.13 18:46:54 | 000,434,176 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:63238B95 < End of report > |
|
15.06.2011, 21:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKCU..\Run: [SwPGvtLdJxoV] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 16:57:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell - "" = AutoRun
O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2011.06.12 15:46:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows XP Restore
[2011.06.12 15:46:18 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r
[2011.06.12 15:46:18 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692
[2011.06.12 15:46:17 | 000,000,827 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk
[2011.06.12 15:46:15 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692
[2011.06.15 15:01:01 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011.06.15 14:43:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong
@Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:63238B95
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr |
|
15.06.2011, 21:36
| #7 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Hab es gemacht wie beschrieben: Avast deaktiviert, sonst. Programme geschlossen...hier das Logfile: Code:
ATTFilter ========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\tbDVDV.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SwPGvtLdJxoV deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51b2492c-f401-11df-867c-00a0d1623765}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51b2492c-f401-11df-867c-00a0d1623765}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51b2492c-f401-11df-867c-00a0d1623765}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows XP Restore folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 moved successfully.
C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:63238B95 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.24.0 log created on 06152011_223343
|
|
15.06.2011, 21:53
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.06.2011, 17:20
| #9 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr ...und das kam dabei raus: Code:
ATTFilter 2011/06/16 18:09:24.0187 3592 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/16 18:09:24.0281 3592 ================================================================================
2011/06/16 18:09:24.0281 3592 SystemInfo:
2011/06/16 18:09:24.0281 3592
2011/06/16 18:09:24.0281 3592 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/16 18:09:24.0281 3592 Product type: Workstation
2011/06/16 18:09:24.0281 3592 ComputerName: CHRIS
2011/06/16 18:09:24.0281 3592 UserName: Admin
2011/06/16 18:09:24.0281 3592 Windows directory: C:\WINDOWS
2011/06/16 18:09:24.0281 3592 System windows directory: C:\WINDOWS
2011/06/16 18:09:24.0281 3592 Processor architecture: Intel x86
2011/06/16 18:09:24.0281 3592 Number of processors: 2
2011/06/16 18:09:24.0281 3592 Page size: 0x1000
2011/06/16 18:09:24.0281 3592 Boot type: Normal boot
2011/06/16 18:09:24.0281 3592 ================================================================================
2011/06/16 18:09:25.0828 3592 Initialize success
2011/06/16 18:09:34.0562 3308 ================================================================================
2011/06/16 18:09:34.0562 3308 Scan started
2011/06/16 18:09:34.0562 3308 Mode: Manual;
2011/06/16 18:09:34.0562 3308 ================================================================================
2011/06/16 18:09:35.0062 3308 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/16 18:09:35.0187 3308 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/16 18:09:35.0203 3308 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/16 18:09:35.0265 3308 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/16 18:09:35.0328 3308 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/16 18:09:35.0562 3308 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/16 18:09:35.0656 3308 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/16 18:09:36.0015 3308 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/16 18:09:36.0156 3308 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/16 18:09:36.0187 3308 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/16 18:09:36.0203 3308 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/16 18:09:36.0375 3308 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/16 18:09:36.0421 3308 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/16 18:09:36.0484 3308 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/16 18:09:36.0500 3308 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/16 18:09:36.0625 3308 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/16 18:09:36.0875 3308 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/16 18:09:36.0906 3308 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/16 18:09:36.0953 3308 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/16 18:09:37.0015 3308 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\WINDOWS\system32\drivers\BMLoad.sys
2011/06/16 18:09:37.0218 3308 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/16 18:09:37.0250 3308 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/16 18:09:37.0312 3308 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/16 18:09:37.0343 3308 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/16 18:09:37.0406 3308 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/16 18:09:37.0437 3308 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/16 18:09:37.0703 3308 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/16 18:09:37.0734 3308 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/16 18:09:37.0765 3308 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/16 18:09:37.0781 3308 DLADResN (f17cfeb7f7e90496931523e5ba11d399) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/06/16 18:09:37.0796 3308 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/16 18:09:37.0812 3308 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/16 18:09:37.0843 3308 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/16 18:09:37.0875 3308 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/06/16 18:09:37.0890 3308 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/16 18:09:37.0906 3308 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/16 18:09:38.0000 3308 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/16 18:09:38.0187 3308 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/16 18:09:38.0203 3308 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/16 18:09:38.0234 3308 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/16 18:09:38.0328 3308 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/16 18:09:38.0359 3308 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/16 18:09:38.0375 3308 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/16 18:09:38.0406 3308 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/16 18:09:38.0671 3308 ewusbnet (13d0f39d356e70f0a5e80d7771382245) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2011/06/16 18:09:38.0734 3308 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/16 18:09:38.0765 3308 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/16 18:09:38.0796 3308 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/16 18:09:38.0968 3308 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/16 18:09:39.0031 3308 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/16 18:09:39.0062 3308 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/16 18:09:39.0125 3308 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/16 18:09:39.0171 3308 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/16 18:09:39.0234 3308 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/16 18:09:39.0500 3308 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/16 18:09:39.0593 3308 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/06/16 18:09:39.0640 3308 hwusbfake (83026e41d9960430491432dbd6af969a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
2011/06/16 18:09:39.0890 3308 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/16 18:09:39.0968 3308 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/16 18:09:40.0218 3308 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/16 18:09:40.0468 3308 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/16 18:09:40.0765 3308 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/16 18:09:40.0812 3308 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/16 18:09:40.0843 3308 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/16 18:09:40.0921 3308 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/16 18:09:40.0968 3308 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/16 18:09:41.0125 3308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/16 18:09:41.0156 3308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/16 18:09:41.0203 3308 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/16 18:09:41.0234 3308 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/06/16 18:09:41.0328 3308 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/16 18:09:41.0453 3308 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/16 18:09:41.0500 3308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/16 18:09:41.0578 3308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/16 18:09:41.0687 3308 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/16 18:09:41.0812 3308 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/16 18:09:41.0906 3308 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/16 18:09:41.0937 3308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/16 18:09:42.0015 3308 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/16 18:09:42.0046 3308 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/16 18:09:42.0171 3308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/16 18:09:42.0218 3308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/16 18:09:42.0328 3308 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/16 18:09:42.0718 3308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/16 18:09:42.0875 3308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/16 18:09:43.0000 3308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/16 18:09:43.0125 3308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/16 18:09:43.0218 3308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/16 18:09:43.0343 3308 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/16 18:09:43.0531 3308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/16 18:09:43.0640 3308 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/16 18:09:43.0687 3308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/16 18:09:43.0765 3308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/16 18:09:44.0000 3308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/16 18:09:44.0109 3308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/16 18:09:44.0171 3308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/16 18:09:44.0359 3308 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/06/16 18:09:44.0593 3308 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/06/16 18:09:44.0828 3308 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/16 18:09:44.0890 3308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/16 18:09:45.0000 3308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/16 18:09:45.0218 3308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/16 18:09:45.0421 3308 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/16 18:09:45.0843 3308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/16 18:09:45.0906 3308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/16 18:09:45.0953 3308 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/16 18:09:46.0031 3308 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/16 18:09:46.0265 3308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/16 18:09:46.0359 3308 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/16 18:09:46.0468 3308 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/16 18:09:46.0750 3308 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/16 18:09:46.0828 3308 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/16 18:09:47.0468 3308 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/16 18:09:47.0546 3308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/16 18:09:47.0578 3308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/16 18:09:47.0609 3308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/16 18:09:47.0671 3308 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/16 18:09:48.0062 3308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/16 18:09:48.0296 3308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/16 18:09:48.0718 3308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/16 18:09:48.0875 3308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/16 18:09:48.0937 3308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/16 18:09:48.0953 3308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/16 18:09:49.0000 3308 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/16 18:09:49.0078 3308 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/16 18:09:49.0312 3308 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/16 18:09:49.0828 3308 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/16 18:09:49.0921 3308 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/16 18:09:49.0953 3308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/16 18:09:50.0015 3308 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/16 18:09:50.0312 3308 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/06/16 18:09:50.0343 3308 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/06/16 18:09:50.0421 3308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/16 18:09:51.0000 3308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/16 18:09:51.0062 3308 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/16 18:09:51.0156 3308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/16 18:09:51.0187 3308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/16 18:09:51.0265 3308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/16 18:09:51.0453 3308 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/16 18:09:51.0578 3308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/16 18:09:51.0718 3308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/16 18:09:51.0765 3308 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\WINDOWS\system32\drivers\tcpipBM.sys
2011/06/16 18:09:51.0812 3308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/16 18:09:51.0953 3308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/16 18:09:52.0015 3308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/16 18:09:52.0109 3308 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2011/06/16 18:09:52.0171 3308 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/06/16 18:09:52.0218 3308 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/06/16 18:09:52.0328 3308 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/06/16 18:09:52.0406 3308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/16 18:09:52.0562 3308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/16 18:09:52.0703 3308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/16 18:09:52.0781 3308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/16 18:09:52.0875 3308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/16 18:09:52.0921 3308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/16 18:09:53.0062 3308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/16 18:09:53.0125 3308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/16 18:09:53.0203 3308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/16 18:09:53.0296 3308 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/16 18:09:53.0359 3308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/16 18:09:53.0640 3308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/16 18:09:53.0796 3308 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/16 18:09:53.0921 3308 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
2011/06/16 18:09:53.0984 3308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/16 18:09:54.0328 3308 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
2011/06/16 18:09:54.0812 3308 ================================================================================
2011/06/16 18:09:54.0812 3308 Scan finished
2011/06/16 18:09:54.0812 3308 ================================================================================
2011/06/16 18:09:54.0828 0404 Detected object count: 0
2011/06/16 18:09:54.0828 0404 Actual detected object count: 0
Alles wieder da...Sind wir fertig oder sollte ich noch irgendwas machen? Eine Frage hätte ich ja noch: Wie kann ich das ganze denn grundlegend verhindern? Gibt es spezielle Software? |
|
16.06.2011, 20:16
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehrZitat:
Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.06.2011, 21:42
| #11 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehrCode:
ATTFilter ComboFix 11-06-17.04 - Admin 17.06.2011 22:33:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2384 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Admin\WINDOWS
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\Christian\WINDOWS
c:\dokumente und einstellungen\Default User\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-17 bis 2011-06-17 ))))))))))))))))))))))))))))))
.
.
2011-06-16 16:26 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-16 16:25 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-06-15 20:33 . 2011-06-15 20:33 -------- d-----w- C:\_OTL
2011-06-12 18:50 . 2011-06-12 18:50 -------- d-----w- c:\dokumente und einstellungen\Christian\Anwendungsdaten\Malwarebytes
2011-06-12 18:47 . 2011-06-12 18:47 -------- d-----w- c:\dokumente und einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Lexware
2011-06-12 18:47 . 2011-06-12 18:47 -------- d-----w- c:\dokumente und einstellungen\Christian\Anwendungsdaten\Lexware
2011-06-12 18:47 . 2011-06-12 18:47 -------- d-----w- c:\dokumente und einstellungen\Christian\Anwendungsdaten\Search Settings
2011-06-12 14:23 . 2011-06-12 14:23 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2011-06-12 14:23 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 14:23 . 2011-06-12 14:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-06-12 14:23 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-12 14:23 . 2011-06-12 20:53 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-06-12 13:32 . 2011-06-12 13:32 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Foxit Software
2011-06-10 15:53 . 2011-06-10 15:54 -------- d-----w- c:\programme\mp3DirectCut
2011-06-03 08:30 . 2011-06-03 08:30 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Yahoo
2011-06-03 08:22 . 2011-06-15 12:44 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Yahoo!
2011-06-03 08:22 . 2011-06-03 08:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo!
2011-06-03 08:19 . 2011-06-15 16:09 -------- d-----w- c:\programme\Yahoo!
2011-06-02 13:06 . 2011-06-03 19:15 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Lexware
2011-06-02 13:04 . 2011-06-02 13:04 -------- d-----w- c:\programme\Gemeinsame Dateien\Haufe
2011-06-02 13:02 . 2011-06-03 19:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lexware
2011-06-02 13:02 . 2011-06-02 13:02 -------- d-----w- c:\programme\Lexware
2011-06-02 13:00 . 2011-06-02 13:00 -------- d-----w- c:\programme\Haufe
2011-06-02 13:00 . 2011-06-02 13:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Haufe
2011-06-02 12:59 . 2011-06-02 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-02 12:57 . 2011-06-02 13:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Lexware
2011-06-02 12:57 . 2011-06-02 13:06 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Lexware
2011-06-02 11:43 . 2011-06-02 11:43 -------- d-----w- c:\programme\Foxit Software
2011-06-02 09:24 . 2011-06-02 09:24 -------- d-----w- c:\windows\system32\Adobe
2011-06-02 09:24 . 2011-06-02 09:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-31 14:19 . 2011-05-31 14:19 -------- d-----w- c:\programme\Recuva
2011-05-22 12:43 . 2011-05-22 12:43 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\MSNInstaller
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 12:59 . 2010-05-28 17:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31 . 2006-09-13 14:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2006-09-13 14:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 14:47 . 2006-09-13 14:41 672768 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2006-09-13 14:40 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47 . 2006-09-13 14:40 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:42 . 2006-09-13 14:40 371200 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-09-13 14:40 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"nwiz"="nwiz.exe" [2006-05-01 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\programme\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 118784]
"TFncKy"="TFncKy.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\ICQ7.1\\ICQ.exe"=
"c:\\Programme\\ICQ7.1\\aolload.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.07.2010 17:35 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.07.2010 17:35 17744]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [25.09.2010 10:56 99720]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [12.06.2011 16:23 366640]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [11.09.2009 12:33 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.06.2011 16:23 22712]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [14.09.2006 13:50 7040]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.08.2010 21:36 136176]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [12.10.2010 09:41 112640]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.08.2010 21:36 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [12.10.2010 09:40 102656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12.06.2011 16:23 39984]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-18 19:36]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-18 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15003&l=dis
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\programme\ICQ7.1\ICQ.exe
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\programme\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
MSConfigStartUp-IS CfgWiz - c:\programme\Norton Internet Security\cfgwiz.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
AddRemove-Power Saver - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-17 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\bmnet.dll
.
Zeit der Fertigstellung: 2011-06-17 22:40:19
ComboFix-quarantined-files.txt 2011-06-17 20:40
.
Vor Suchlauf: 12 Verzeichnis(se), 96.104.337.408 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 97.651.253.248 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4AFAC314CFA530762604A7F36299E8CD
|
|
20.06.2011, 07:09
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2011, 14:42
| #13 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr GMER: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-21 15:39:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1637GSX rev.DL020M
Running: xu61e4q2.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\kxtdqpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB6C5ACF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB6C5ABAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB6C5B160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB6C5B08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB6C5A782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB6C5AC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB6C5A6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB6C5A726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB6C5ADA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6C5B22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB6C5AD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB6C5AEE6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6C67BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB6C679D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB6C67B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B6C64FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP B6C679D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP B6C67BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP B6C635D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805B52F0 7 Bytes JMP B6C67B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9975360, 0x21DDFD, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9770EBF]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1868] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\intelppm.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\CmBatt.sys[NTOSKRNL.EXE!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\sdbus.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\imapi.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\redbook.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\ks.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\audstub.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\msgpc.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\rdpdr.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\swenum.sys[NTOSKRNL.EXE!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\update.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Modem.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Fs_Rec.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Msfs.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F771763E] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7717FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7717FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1868] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] [00401640] C:\Programme\Alwil Software\Avast5\AvastSvc.exe (avast! Service/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:56:06 on 21.06.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.17 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "HWSETUP.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\HWSETUP.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "TOSCDSPD.cpl" - ? - C:\WINDOWS\system32\TOSCDSPD.cpl (File found, but it contains no detailed information) "TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl "xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Desktop Search" - ? - C:\Programme\Windows Desktop Search\ControlPanel.cpl (File found, but it contains no detailed information) "SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL "ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosrfec.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\WINDOWS\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\WINDOWS\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS "DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS "DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS "DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS "DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS "DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS "DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS "DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS "DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS "DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS "DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys "MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys "Padus ASPI Shell" (Pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Toshiba Mobile PC Service" (TVALD) - "Toshiba Corporation" - C:\WINDOWS\System32\DRIVERS\NBSMI.sys "TOSHIBA Network Device Usermode I/O Protocol" (Netdevio) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\netdevio.sys "TOSHIBA Virtual Sound with SRS technologies" (Tvs) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\Tvs.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL {1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Software Company" - C:\Programme\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {E91B2703-013E-4A99-AD33-2B6FB00AA356} "RecordNow! ContextMenuExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll {DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {97090E2F-3062-4459-855B-014F0D3CDBB1} "Windows Deskbar" - ? - (File not found | COM-object registry key not found) {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {D426CFD0-87FC-4906-98D9-A23F5D515D61} "Windows Desktop Search Outlook Express SearchProtocol Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\OEPH.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ7.1" - "ICQ, LLC." - C:\Programme\ICQ7.1\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL {2F85D76C-0569-466F-A488-493E6BD0E955} "dsWebAllowBHO Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\dsWebAllow.dll {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "EWPBrowseObject Class" - ? - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "TOSCDSPD" - "TOSHIBA" - C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AGRSMMSG" - "Agere Systems" - AGRSMMSG.exe "avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE "Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" "LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent "NDSTray.exe" - ? - NDSTray.exe (File not found) "NVRotateSysTray" - "NVIDIA Corporation" - rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable "nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /keeploaded /nodetect "SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TFncKy" - ? - TFncKy.exe (File not found) "THotkey" - "TOSHIBA" - C:\Programme\Toshiba\Toshiba Applet\thotkey.exe "TPSMain" - "TOSHIBA Corporation" - TPSMain.exe "Tvs" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\Tvs\TvsTray.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll "Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "TOSHIBA Application Service" (TAPPSRV) - "TOSHIBA Corp." - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe "Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "BMI over [MSAFD Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\WINDOWS\system32\bmnet.dll "BMI over [MSAFD Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\WINDOWS\system32\bmnet.dll "BMI over [MSAFD Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\WINDOWS\system32\bmnet.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 152):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74D8000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74B9000 ftdisk.sys
0xF798B000 dmload.sys
0xF7493000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF747B000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF745B000 fltmgr.sys
0xF7449000 sr.sys
0xF7433000 DRVMCDB.SYS
0xF7667000 PxHelp20.sys
0xF7870000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7843000 NDIS.sys
0xF7829000 Mup.sys
0xF7717000 BMLoad.sys
0xBA5CA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA7F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9720000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB970C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB96E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9543000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB951F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB94F7000 \SystemRoot\system32\drivers\tifm21.sys
0xB94E3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB94BB000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xBA5AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB948C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79BD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7807000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA59A000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF780F000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA7E4000 \SystemRoot\system32\drivers\pfc.sys
0xF79BF000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA58A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9469000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79C1000 \SystemRoot\System32\Drivers\x10hid.sys
0xF76A7000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF7817000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0xF7A98000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7536000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9452000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7526000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7516000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB93EB000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7506000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9343000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7423000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79C9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB92E5000 \SystemRoot\system32\DRIVERS\update.sys
0xBA791000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xBA78D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7413000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6DE2000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB6DBE000 \SystemRoot\system32\drivers\portcls.sys
0xF7403000 \SystemRoot\system32\drivers\drmk.sys
0xF7887000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF7687000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xB6CAB000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF781F000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA5DA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A03000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A63000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A05000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7777000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7787000 \SystemRoot\System32\drivers\vga.sys
0xF7A07000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A09000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF777F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF778F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB941C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6C50000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6BF7000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF779F000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0xB6BD1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF76D7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF76E7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB6BA9000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9404000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB6AE7000 \SystemRoot\System32\drivers\afd.sys
0xF7586000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB6ABC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6A4C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7576000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6A25000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF77A7000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7546000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB69E5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF798F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7947000 \SystemRoot\System32\drivers\Dxapi.sys
0xB93BB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA79E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3D9000 \SystemRoot\System32\ATMFD.DLL
0xB5F68000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB5F64000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB6B69000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7A82000 \SystemRoot\System32\DLA\DLADResN.SYS
0xB5EE2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB5F58000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF79D3000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB937B000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB5EA2000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB5E8C000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF77D7000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB5ED6000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB5F3C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5F38000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xB5445000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB4E78000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB4CA7000 \SystemRoot\System32\Drivers\HTTP.sys
0xB4BFF000 \SystemRoot\system32\DRIVERS\srv.sys
0xB48F2000 \SystemRoot\system32\drivers\wdmaud.sys
0xB508D000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3C10000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xF7767000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB30A7000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 65):
0 System Idle Process
4 System
800 C:\WINDOWS\system32\smss.exe
868 csrss.exe
896 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1168 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1340 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1456 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1620 svchost.exe
1684 svchost.exe
1872 C:\Programme\Alwil Software\Avast5\AvastSvc.exe
276 C:\WINDOWS\explorer.exe
576 C:\WINDOWS\ehome\ehtray.exe
600 C:\WINDOWS\system32\rundll32.exe
648 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
692 C:\WINDOWS\system32\rundll32.exe
708 C:\WINDOWS\RTHDCPL.exe
716 C:\WINDOWS\agrsmmsg.exe
724 C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
752 C:\Programme\Toshiba\ConfigFree\NDSTray.exe
764 C:\Programme\Toshiba\Tvs\TvsTray.exe
440 C:\Programme\Synaptics\SynTP\Toshiba.exe
788 C:\WINDOWS\system32\TPSBattM.exe
820 C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
832 C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
876 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1004 C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
960 C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
1184 C:\Programme\DivX\DivX Update\DivXUpdate.exe
1312 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1324 C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
1416 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1556 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
1576 C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
1596 C:\WINDOWS\system32\ctfmon.exe
1996 C:\WINDOWS\system32\spoolsv.exe
2064 svchost.exe
2092 C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
2108 C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
2156 C:\WINDOWS\ehome\ehrecvr.exe
2168 C:\WINDOWS\ehome\ehSched.exe
2280 C:\Programme\Java\jre6\bin\jqs.exe
2352 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
2556 C:\WINDOWS\system32\nvsvc32.exe
2588 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2736 svchost.exe
2824 C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
2908 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2964 C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
3056 C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
3264 mcrdsvc.exe
2664 C:\WINDOWS\system32\dllhost.exe
1780 C:\WINDOWS\system32\wbem\wmiapsrv.exe
1788 C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
2988 alg.exe
3272 C:\WINDOWS\ehome\ehmsas.exe
2508 C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
2520 C:\Programme\Mozilla Firefox\firefox.exe
540 C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
3628 C:\WINDOWS\system32\notepad.exe
288 C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL020M
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Geändert von Baraja (21.06.2011 um 15:02 Uhr) |
|
21.06.2011, 15:46
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2011, 15:27
| #15 |
| | Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Malewarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6926
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
23.06.2011 16:14:12
mbam-log-2011-06-23 (16-14-12).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174806
Laufzeit: 4 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
| Themen zu Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr |
| 0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, 7-zip, adware.widgitoolbar, alternate, c:\windows\system32\rundll32.exe, canon, converter, desktop, disabletaskmgr, excel, festplatte, firefox, google earth, keine dateien, microsoft office word, office 2007, pdfforge toolbar, plug-in, pum.hidden.desktop, pum.hijack.displayproperties, pum.hijack.taskmanager, searchplugins, security update, spigot, symantec, trojan.fakealert, trojan.spyeyes, vodafone, windows, windows xp, wrapper |
Textbox.
.
Linear-Darstellung
