| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.SpyEyes.Gen in c:\cxlacuxatx.exe und c:\cxlacuxatx.exe\config.binWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.09.2011, 23:21
| #46 |
 |  Trojan.SpyEyes.Gen in c:\cxlacuxatx.exe und c:\cxlacuxatx.exe\config.bin OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.09.2011 00:04:42 - Run 3 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,99% Memory free 3,85 Gb Paging File | 3,49 Gb Available in Paging File | 90,84% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 10,74 Gb Free Space | 27,50% Space Free | Partition Type: NTFS Drive D: | 333,54 Gb Total Space | 168,38 Gb Free Space | 50,48% Space Free | Partition Type: NTFS Computer Name: *** | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Unlocker\UnlockerAssistant.exe () PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\WINDOWS\TBPanel.exe (Gainward Co.) PRC - C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Unlocker\UnlockerAssistant.exe () MOD - C:\Programme\Unlocker\UnlockerHook.dll () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\WINDOWS\TBPanelExt.dll () MOD - C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe () MOD - C:\WINDOWS\TBManage.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (AF15BDA) -- C:\WINDOWS\system32\drivers\AF15BDA.sys (AfaTech ) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron ) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-1390067357-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Programme\Canon\APU\npCCBPLFirefox.dll (Canon Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.10 20:40:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.07 11:32:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.27 20:10:04 | 000,000,000 | ---D | M] [2011.08.19 08:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.09.07 11:32:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.09.07 11:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.07 11:32:09 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.07 11:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.07 11:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.07 11:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.07 11:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (CAdBlocker Object) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\Programme\Acronis\PrivacyExpert\Pop-up Blocker.dll (Acronis) O4 - HKLM..\Run: [Acronis Popup Blocker] C:\Programme\Acronis\PrivacyExpert\Pop-up Blocker.dll (Acronis) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Acronis*True*Image Monitor] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe (Gainward Co.) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [tvjbmonitor] C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe () O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - Startup: C:\Dokumente und Einstellungen\baf\Startmenü\Programme\Autostart\Smash 97.lnk = C:\SMOffice\SMApps\Smash\Smash.exe () O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-1390067357-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Programme\Acronis\PrivacyExpert\Pop-up Blocker.dll (Acronis) O9 - Extra 'Tools' menuitem : Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Programme\Acronis\PrivacyExpert\Pop-up Blocker.dll (Acronis) O9 - Extra Button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Programme\CADE 2.10.3\Web\new.htm () O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192812169718 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192883745296 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2007.10.21 00:22:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899 ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439 ActiveX: {5DEDD928-2CBE-35E9-B002-85232EDB120A} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {BC260DB7-7F24-4B0D-AD96-0B663BDC8642} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL () Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL () Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.dll (Intel(R) Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.27 16:37:55 | 000,000,000 | ---D | C] -- C:\Avenger [2011.09.17 08:57:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun [2011.09.17 08:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ArcSoft [2011.09.17 08:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real [2011.09.17 08:52:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache [2011.09.16 22:53:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2011.09.16 21:59:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011.09.16 21:53:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2011.09.14 23:50:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.09.02 15:28:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.09.02 15:27:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.09.02 15:27:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.09.02 15:27:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.29 13:14:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2008.06.15 17:00:31 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Programme\Gemeinsame Dateien\keyhelp.ocx [2007.10.15 03:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.28 00:06:32 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [2011.09.28 00:05:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.09.28 00:02:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011.09.28 00:01:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.09.28 00:01:54 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.09.28 00:01:54 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1390067357-725345543-1005.job [2011.09.28 00:01:54 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1390067357-725345543-1003.job [2011.09.27 23:55:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.09.27 23:20:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.16 23:31:15 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1390067357-725345543-1003.job [2011.09.16 22:53:28 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.09.16 22:45:19 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1390067357-725345543-1005.job [2011.09.16 18:27:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1279902383.job [2011.09.14 22:33:32 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.29 13:14:27 | 000,001,720 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.16 22:53:28 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.09.02 15:28:01 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.29 13:14:27 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2011.08.29 13:14:27 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2011.08.03 10:06:16 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2011.07.14 09:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2011.04.08 23:45:16 | 000,000,047 | ---- | C] () -- C:\WINDOWS\_dp_nb_f.ini [2011.01.27 21:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\mtb30.ini [2011.01.27 21:37:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\asym.ini [2010.12.27 20:50:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\ARTup.ini [2010.01.29 18:26:18 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\Tx12.dll [2010.01.29 18:26:18 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini [2010.01.26 21:33:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2010.01.26 21:33:20 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2010.01.26 21:32:52 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2009.10.25 15:33:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL [2009.09.01 09:40:40 | 000,015,541 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2009.09.01 09:40:18 | 000,015,213 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008.12.20 20:00:47 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\af15irtbl.bin [2008.12.20 13:11:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2008.08.28 11:43:37 | 000,019,571 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2008.08.28 11:43:37 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2008.08.19 21:41:00 | 000,000,074 | ---- | C] () -- C:\WINDOWS\tm.ini [2008.08.10 16:41:44 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2008.04.16 16:51:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.12.21 17:10:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini [2007.10.26 18:35:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.10.25 00:09:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.10.24 18:25:11 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2007.10.21 21:19:01 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys [2007.10.21 14:22:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2007.10.20 15:50:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007.10.20 14:23:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2007.10.20 14:03:15 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.10.20 13:46:54 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2007.10.19 18:36:38 | 000,000,627 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.10.19 17:58:02 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI [2007.10.19 17:35:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007.10.19 17:34:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.10.19 17:32:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\TBPanelExt.dll [2007.10.19 17:32:08 | 000,026,624 | ---- | C] () -- C:\WINDOWS\TBZoom.exe [2007.10.19 17:32:08 | 000,012,285 | ---- | C] () -- C:\WINDOWS\Cadx3.ini [2007.10.19 17:32:08 | 000,005,120 | ---- | C] () -- C:\WINDOWS\TBManage.dll [2007.10.19 17:01:44 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2007.10.19 16:55:15 | 000,004,590 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.10.19 16:54:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007.10.19 16:53:50 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007.10.19 16:48:06 | 000,002,120 | R--- | C] () -- C:\WINDOWS\System32\SETUP.INI [2007.10.19 16:05:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007.10.19 16:01:47 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007.07.23 03:41:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.07.23 03:41:49 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007.07.23 03:41:49 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.07.23 03:41:49 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007.07.23 03:41:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.07.23 03:41:49 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin [2007.07.23 03:41:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.07.23 03:41:49 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007.07.23 03:41:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007.07.23 03:41:49 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.07.23 03:41:49 | 000,007,728 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.08.29 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.08.29 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.08.29 14:00:00 | 000,449,900 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2002.08.29 14:00:00 | 000,433,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.08.29 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.08.29 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002.08.29 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.08.29 14:00:00 | 000,080,848 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2002.08.29 14:00:00 | 000,068,122 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.08.29 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.08.29 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002.08.29 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.08.29 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.08.29 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002.08.29 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2007.12.21 19:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acronis [2008.08.21 14:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2007.10.20 13:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2008.09.13 14:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McNeel [2007.10.19 17:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2011.06.22 20:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2007.12.19 20:46:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\Acronis [2008.08.16 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\CadSoft [2008.08.20 22:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\Canneverbe_Limited [2010.08.05 19:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\CheckPoint [2010.01.22 17:02:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\Dailymedia [2011.02.02 11:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\GrabPro [2007.10.26 23:49:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\gtk-2.0 [2011.07.12 15:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\Imaxel [2008.01.14 19:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\Mindjet [2011.08.12 16:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\Orbit [2011.02.02 11:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\ProgSense [2011.01.08 13:17:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\tmx808 [2011.01.23 10:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\baf\Anwendungsdaten\XMedia Recode [2008.08.17 11:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis [2008.08.16 07:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CadSoft [2008.08.20 22:31:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canneverbe_Limited [2010.08.05 19:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint [2008.11.25 20:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Cornelsen [2010.01.22 17:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dailymedia [2010.03.15 18:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DasTelefonbuch Deutschland [2009.09.29 21:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Desktopicon [2011.09.27 23:21:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox [2010.11.17 12:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2010.12.09 21:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Gutscheinmieze [2011.07.12 15:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Imaxel [2008.01.14 19:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mindjet [2011.03.05 22:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit [2011.02.02 11:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ProgSense [2010.09.28 19:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Spesoft Audio Converter [2010.09.07 12:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird [2010.03.15 18:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TVG [2011.01.23 14:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\XMedia Recode [2010.05.08 08:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Acronis [2010.09.27 07:06:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\CheckPoint [2011.09.16 18:27:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1279902383.job [2011.09.28 00:02:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2007.12.21 19:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acronis [2008.08.26 21:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2007.12.21 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2007.12.30 16:15:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2011.09.17 20:22:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2011.09.17 08:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real [2011.09.17 08:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2007.10.20 15:53:18 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.11.22 19:09:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2007.10.20 15:53:18 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.11.22 19:09:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2002.08.29 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2007.10.20 15:53:18 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.11.22 19:09:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2007.10.20 15:53:18 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.11.22 19:09:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys [2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll [2002.08.29 14:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.10.19 17:53:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2007.10.19 17:53:06 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2007.10.19 17:53:06 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > Gute Nacht! Kammerjäger |
|
28.09.2011, 09:33
| #47 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.SpyEyes.Gen in c:\cxlacuxatx.exe und c:\cxlacuxatx.exe\config.bin Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ |
|
28.09.2011, 10:10
| #48 |
| | Trojan.SpyEyes.Gen in c:\cxlacuxatx.exe und c:\cxlacuxatx.exe\config.bin TDSSKiller-Scan ist durch: No threats found
__________________Den Report kann ich allerdings nur markieren, nicht aber kopieren. Wie bekomme ich ihn dann ins Nachrichtenfenster??? Gruß & Dank Kammerjäger |
|
28.09.2011, 10:56
| #49 |
| | Trojan.SpyEyes.Gen in c:\cxlacuxatx.exe und c:\cxlacuxatx.exe\config.bin 10:50:31.0656 2292 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43 10:50:31.0671 2292 ============================================================ 10:50:31.0671 2292 Current date / time: 2011/09/28 10:50:31.0671 10:50:31.0671 2292 SystemInfo: 10:50:31.0671 2292 10:50:31.0671 2292 OS Version: 5.1.2600 ServicePack: 3.0 10:50:31.0671 2292 Product type: Workstation 10:50:31.0671 2292 ComputerName: *** 10:50:31.0671 2292 UserName: Administrator 10:50:31.0671 2292 Windows directory: C:\WINDOWS 10:50:31.0671 2292 System windows directory: C:\WINDOWS 10:50:31.0671 2292 Processor architecture: Intel x86 10:50:31.0671 2292 Number of processors: 2 10:50:31.0671 2292 Page size: 0x1000 10:50:31.0671 2292 Boot type: Normal boot 10:50:31.0671 2292 ============================================================ 10:50:32.0328 2292 Initialize success 10:51:52.0250 4020 ============================================================ 10:51:52.0250 4020 Scan started 10:51:52.0250 4020 Mode: Manual; 10:51:52.0250 4020 ============================================================ 10:51:52.0437 4020 Abiosdsk - ok 10:51:52.0453 4020 abp480n5 - ok 10:51:52.0500 4020 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:51:52.0500 4020 ACPI - ok 10:51:52.0546 4020 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 10:51:52.0546 4020 ACPIEC - ok 10:51:52.0593 4020 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys 10:51:52.0593 4020 ADIHdAudAddService - ok 10:51:52.0593 4020 adpu160m - ok 10:51:52.0625 4020 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys 10:51:52.0625 4020 AEAudio - ok 10:51:52.0640 4020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 10:51:52.0656 4020 aec - ok 10:51:52.0687 4020 AF15BDA (ff5b096ed47c080870eacdab2de33ad6) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys 10:51:52.0703 4020 AF15BDA - ok 10:51:52.0718 4020 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys 10:51:52.0734 4020 Afc - ok 10:51:52.0750 4020 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 10:51:52.0765 4020 AFD - ok 10:51:52.0765 4020 Aha154x - ok 10:51:52.0781 4020 aic78u2 - ok 10:51:52.0781 4020 aic78xx - ok 10:51:52.0796 4020 AliIde - ok 10:51:52.0796 4020 amsint - ok 10:51:52.0843 4020 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys 10:51:52.0859 4020 APL531 - ok 10:51:52.0875 4020 asc - ok 10:51:52.0875 4020 asc3350p - ok 10:51:52.0890 4020 asc3550 - ok 10:51:52.0906 4020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:51:52.0921 4020 AsyncMac - ok 10:51:52.0937 4020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 10:51:52.0937 4020 atapi - ok 10:51:52.0937 4020 Atdisk - ok 10:51:52.0953 4020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:51:52.0968 4020 Atmarpc - ok 10:51:52.0968 4020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 10:51:52.0968 4020 audstub - ok 10:51:53.0031 4020 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 10:51:53.0031 4020 avgio - ok 10:51:53.0046 4020 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 10:51:53.0046 4020 avgntflt - ok 10:51:53.0078 4020 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 10:51:53.0093 4020 avipbb - ok 10:51:53.0093 4020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 10:51:53.0093 4020 Beep - ok 10:51:53.0125 4020 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS 10:51:53.0125 4020 Cardex - ok 10:51:53.0156 4020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 10:51:53.0156 4020 cbidf2k - ok 10:51:53.0171 4020 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 10:51:53.0171 4020 CCDECODE - ok 10:51:53.0171 4020 cd20xrnt - ok 10:51:53.0187 4020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 10:51:53.0203 4020 Cdaudio - ok 10:51:53.0203 4020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 10:51:53.0203 4020 Cdfs - ok 10:51:53.0218 4020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:51:53.0218 4020 Cdrom - ok 10:51:53.0234 4020 Changer - ok 10:51:53.0250 4020 CmdIde - ok 10:51:53.0250 4020 Cpqarray - ok 10:51:53.0265 4020 dac2w2k - ok 10:51:53.0281 4020 dac960nt - ok 10:51:53.0296 4020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 10:51:53.0296 4020 Disk - ok 10:51:53.0328 4020 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 10:51:53.0343 4020 dmboot - ok 10:51:53.0359 4020 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 10:51:53.0359 4020 dmio - ok 10:51:53.0375 4020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 10:51:53.0375 4020 dmload - ok 10:51:53.0406 4020 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 10:51:53.0406 4020 DMusic - ok 10:51:53.0421 4020 dpti2o - ok 10:51:53.0437 4020 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 10:51:53.0453 4020 drmkaud - ok 10:51:53.0468 4020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 10:51:53.0468 4020 Fastfat - ok 10:51:53.0484 4020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 10:51:53.0484 4020 Fdc - ok 10:51:53.0500 4020 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 10:51:53.0515 4020 Fips - ok 10:51:53.0515 4020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 10:51:53.0531 4020 Flpydisk - ok 10:51:53.0546 4020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 10:51:53.0546 4020 FltMgr - ok 10:51:53.0578 4020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:51:53.0578 4020 Fs_Rec - ok 10:51:53.0578 4020 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:51:53.0578 4020 Ftdisk - ok 10:51:53.0593 4020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 10:51:53.0609 4020 GEARAspiWDM - ok 10:51:53.0625 4020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:51:53.0625 4020 Gpc - ok 10:51:53.0656 4020 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:51:53.0656 4020 HDAudBus - ok 10:51:53.0703 4020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:51:53.0703 4020 HidUsb - ok 10:51:53.0703 4020 hpn - ok 10:51:53.0734 4020 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 10:51:53.0734 4020 HPZid412 - ok 10:51:53.0750 4020 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 10:51:53.0750 4020 HPZipr12 - ok 10:51:53.0796 4020 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 10:51:53.0796 4020 HPZius12 - ok 10:51:53.0828 4020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 10:51:53.0828 4020 HTTP - ok 10:51:53.0843 4020 i2omgmt - ok 10:51:53.0843 4020 i2omp - ok 10:51:53.0859 4020 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 10:51:53.0859 4020 i8042prt - ok 10:51:53.0875 4020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 10:51:53.0890 4020 Imapi - ok 10:51:53.0890 4020 ini910u - ok 10:51:53.0906 4020 IntelIde - ok 10:51:53.0921 4020 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 10:51:53.0921 4020 intelppm - ok 10:51:53.0937 4020 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 10:51:53.0937 4020 ip6fw - ok 10:51:53.0953 4020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:51:53.0968 4020 IpFilterDriver - ok 10:51:53.0984 4020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:51:53.0984 4020 IpInIp - ok 10:51:54.0000 4020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:51:54.0000 4020 IpNat - ok 10:51:54.0031 4020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:51:54.0031 4020 IPSec - ok 10:51:54.0046 4020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 10:51:54.0046 4020 IRENUM - ok 10:51:54.0078 4020 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:51:54.0078 4020 isapnp - ok 10:51:54.0093 4020 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys 10:51:54.0093 4020 JGOGO - ok 10:51:54.0109 4020 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys 10:51:54.0109 4020 JRAID - ok 10:51:54.0109 4020 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:51:54.0125 4020 Kbdclass - ok 10:51:54.0140 4020 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 10:51:54.0140 4020 kbdhid - ok 10:51:54.0171 4020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 10:51:54.0171 4020 kmixer - ok 10:51:54.0187 4020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 10:51:54.0187 4020 KSecDD - ok 10:51:54.0203 4020 KUSBusByTCPMasterBus - ok 10:51:54.0218 4020 lbrtfdc - ok 10:51:54.0234 4020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 10:51:54.0234 4020 mnmdd - ok 10:51:54.0250 4020 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 10:51:54.0250 4020 Modem - ok 10:51:54.0265 4020 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:51:54.0265 4020 Mouclass - ok 10:51:54.0281 4020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:51:54.0281 4020 MountMgr - ok 10:51:54.0296 4020 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 10:51:54.0296 4020 MPE - ok 10:51:54.0296 4020 mraid35x - ok 10:51:54.0328 4020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:51:54.0328 4020 MRxDAV - ok 10:51:54.0359 4020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:51:54.0359 4020 MRxSmb - ok 10:51:54.0375 4020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:51:54.0375 4020 Msfs - ok 10:51:54.0390 4020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:51:54.0390 4020 MSKSSRV - ok 10:51:54.0421 4020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:51:54.0421 4020 MSPCLOCK - ok 10:51:54.0421 4020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:51:54.0421 4020 MSPQM - ok 10:51:54.0437 4020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:51:54.0437 4020 mssmbios - ok 10:51:54.0453 4020 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 10:51:54.0453 4020 MSTEE - ok 10:51:54.0468 4020 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 10:51:54.0484 4020 MTsensor - ok 10:51:54.0484 4020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 10:51:54.0500 4020 Mup - ok 10:51:54.0515 4020 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 10:51:54.0515 4020 NABTSFEC - ok 10:51:54.0531 4020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:51:54.0531 4020 NDIS - ok 10:51:54.0546 4020 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 10:51:54.0546 4020 NdisIP - ok 10:51:54.0562 4020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:51:54.0562 4020 NdisTapi - ok 10:51:54.0578 4020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:51:54.0578 4020 Ndisuio - ok 10:51:54.0609 4020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:51:54.0609 4020 NdisWan - ok 10:51:54.0640 4020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:51:54.0640 4020 NDProxy - ok 10:51:54.0656 4020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:51:54.0656 4020 NetBIOS - ok 10:51:54.0671 4020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:51:54.0671 4020 NetBT - ok 10:51:54.0703 4020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:51:54.0703 4020 Npfs - ok 10:51:54.0734 4020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:51:54.0734 4020 Ntfs - ok 10:51:54.0750 4020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:51:54.0750 4020 Null - ok 10:51:54.0921 4020 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:51:55.0031 4020 nv - ok 10:51:55.0062 4020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:51:55.0062 4020 NwlnkFlt - ok 10:51:55.0062 4020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:51:55.0078 4020 NwlnkFwd - ok 10:51:55.0093 4020 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 10:51:55.0093 4020 Parport - ok 10:51:55.0109 4020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:51:55.0109 4020 PartMgr - ok 10:51:55.0125 4020 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 10:51:55.0125 4020 ParVdm - ok 10:51:55.0156 4020 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 10:51:55.0156 4020 PCI - ok 10:51:55.0156 4020 PCIDump - ok 10:51:55.0171 4020 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:51:55.0171 4020 PCIIde - ok 10:51:55.0187 4020 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:51:55.0203 4020 Pcmcia - ok 10:51:55.0203 4020 PDCOMP - ok 10:51:55.0203 4020 PDFRAME - ok 10:51:55.0218 4020 PDRELI - ok 10:51:55.0218 4020 PDRFRAME - ok 10:51:55.0234 4020 perc2 - ok 10:51:55.0234 4020 perc2hib - ok 10:51:55.0265 4020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:51:55.0265 4020 PptpMiniport - ok 10:51:55.0265 4020 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 10:51:55.0281 4020 Processor - ok 10:51:55.0296 4020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:51:55.0312 4020 PSched - ok 10:51:55.0328 4020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:51:55.0328 4020 Ptilink - ok 10:51:55.0328 4020 ql1080 - ok 10:51:55.0343 4020 Ql10wnt - ok 10:51:55.0343 4020 ql12160 - ok 10:51:55.0359 4020 ql1240 - ok 10:51:55.0359 4020 ql1280 - ok 10:51:55.0375 4020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:51:55.0375 4020 RasAcd - ok 10:51:55.0390 4020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:51:55.0390 4020 Rasl2tp - ok 10:51:55.0406 4020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:51:55.0406 4020 RasPppoe - ok 10:51:55.0421 4020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:51:55.0421 4020 Raspti - ok 10:51:55.0437 4020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:51:55.0437 4020 Rdbss - ok 10:51:55.0453 4020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:51:55.0453 4020 RDPCDD - ok 10:51:55.0453 4020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:51:55.0468 4020 rdpdr - ok 10:51:55.0500 4020 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 10:51:55.0515 4020 RDPWD - ok 10:51:55.0515 4020 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:51:55.0531 4020 redbook - ok 10:51:55.0546 4020 RTLE8023xp (f58a92e8b9caebe2fa8e73ada7d9bd4c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 10:51:55.0562 4020 RTLE8023xp - ok 10:51:55.0593 4020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:51:55.0593 4020 Secdrv - ok 10:51:55.0625 4020 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 10:51:55.0640 4020 SenFiltService - ok 10:51:55.0640 4020 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 10:51:55.0656 4020 serenum - ok 10:51:55.0656 4020 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 10:51:55.0671 4020 Serial - ok 10:51:55.0671 4020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:51:55.0687 4020 Sfloppy - ok 10:51:55.0687 4020 Simbad - ok 10:51:55.0703 4020 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 10:51:55.0718 4020 SLIP - ok 10:51:55.0734 4020 snapman (e48716ca3b919f949b3ed6d79026997f) C:\WINDOWS\system32\DRIVERS\snapman.sys 10:51:55.0734 4020 snapman - ok 10:51:55.0734 4020 Sparrow - ok 10:51:55.0750 4020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:51:55.0750 4020 splitter - ok 10:51:55.0765 4020 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 10:51:55.0765 4020 sr - ok 10:51:55.0796 4020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:51:55.0796 4020 Srv - ok 10:51:55.0812 4020 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 10:51:55.0828 4020 ssmdrv - ok 10:51:55.0843 4020 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 10:51:55.0843 4020 streamip - ok 10:51:55.0843 4020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:51:55.0859 4020 swenum - ok 10:51:55.0875 4020 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 10:51:55.0890 4020 swmidi - ok 10:51:55.0890 4020 symc810 - ok 10:51:55.0906 4020 symc8xx - ok 10:51:55.0906 4020 sym_hi - ok 10:51:55.0921 4020 sym_u3 - ok 10:51:55.0937 4020 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 10:51:55.0937 4020 sysaudio - ok 10:51:55.0984 4020 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys 10:51:55.0984 4020 TBPanel - ok 10:51:56.0000 4020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:51:56.0015 4020 Tcpip - ok 10:51:56.0046 4020 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 10:51:56.0062 4020 Tcpip6 - ok 10:51:56.0062 4020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:51:56.0078 4020 TDPIPE - ok 10:51:56.0078 4020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:51:56.0078 4020 TDTCP - ok 10:51:56.0093 4020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:51:56.0093 4020 TermDD - ok 10:51:56.0109 4020 tifsfilter (d3dfa308e1bc933b4814f6c1255749d1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 10:51:56.0109 4020 tifsfilter - ok 10:51:56.0125 4020 timounter (0d934d177d984b5d81a11375227cd9ea) C:\WINDOWS\system32\DRIVERS\timntr.sys 10:51:56.0125 4020 timounter - ok 10:51:56.0125 4020 TosIde - ok 10:51:56.0140 4020 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 10:51:56.0140 4020 tunmp - ok 10:51:56.0156 4020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:51:56.0171 4020 Udfs - ok 10:51:56.0171 4020 ultra - ok 10:51:56.0218 4020 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Programme\Unlocker\UnlockerDriver5.sys 10:51:56.0218 4020 UnlockerDriver5 - ok 10:51:56.0234 4020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:51:56.0250 4020 Update - ok 10:51:56.0281 4020 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 10:51:56.0281 4020 USBAAPL - ok 10:51:56.0296 4020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:51:56.0296 4020 usbccgp - ok 10:51:56.0312 4020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:51:56.0328 4020 usbehci - ok 10:51:56.0328 4020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:51:56.0343 4020 usbhub - ok 10:51:56.0359 4020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:51:56.0359 4020 usbprint - ok 10:51:56.0390 4020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:51:56.0390 4020 usbscan - ok 10:51:56.0406 4020 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:51:56.0406 4020 usbstor - ok 10:51:56.0421 4020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:51:56.0437 4020 usbuhci - ok 10:51:56.0453 4020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:51:56.0453 4020 VgaSave - ok 10:51:56.0468 4020 ViaIde - ok 10:51:56.0468 4020 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 10:51:56.0468 4020 VolSnap - ok 10:51:56.0484 4020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:51:56.0484 4020 Wanarp - ok 10:51:56.0500 4020 WDICA - ok 10:51:56.0515 4020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:51:56.0515 4020 wdmaud - ok 10:51:56.0578 4020 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 10:51:56.0578 4020 WpdUsb - ok 10:51:56.0593 4020 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 10:51:56.0609 4020 WSTCODEC - ok 10:51:56.0625 4020 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 10:51:56.0640 4020 WudfPf - ok 10:51:56.0656 4020 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 10:51:56.0656 4020 WudfRd - ok 10:51:56.0671 4020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 10:51:56.0781 4020 \Device\Harddisk0\DR0 - ok 10:51:56.0781 4020 Boot (0x1200) (204928fc622a01ceb882fec8734d4106) \Device\Harddisk0\DR0\Partition0 10:51:56.0781 4020 \Device\Harddisk0\DR0\Partition0 - ok 10:51:56.0796 4020 Boot (0x1200) (b5285c529789ef6a1401590269ee6ea1) \Device\Harddisk0\DR0\Partition1 10:51:56.0796 4020 \Device\Harddisk0\DR0\Partition1 - ok 10:51:56.0796 4020 ============================================================ 10:51:56.0796 4020 Scan finished 10:51:56.0796 4020 ============================================================ 10:51:56.0812 3700 Detected object count: 0 10:51:56.0812 3700 Actual detected object count: 0 Na also - geht doch (Strg+C) Gruß & Dank Kammerjäger |
|
28.09.2011, 11:14
| #50 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.SpyEyes.Gen in c:\cxlacuxatx.exe und c:\cxlacuxatx.exe\config.bin Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
Linear-Darstellung
