Log Analysis and Evaluation: Black window: "For security reasons your system has been blocked" (Windows 7)
16.02.2012, 13:51 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log. Please post everything here in CODE tags where possible. This is done like so:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
16.02.2012, 17:14 | #17

Hello Cosinus,

here is the OTL logfile:

Code:
OTL logfile created on: 16.02.2012 16:33:30 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Dauber\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767,48 Mb Total Physical Memory | 337,52 Mb Available Physical Memory | 43,98% Memory free
1013,08 Mb Paging File | 533,95 Mb Available in Paging File | 52,71% Paging File free
Paging file location(s): c:\pagefile.sys 288 576 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 28,11 Gb Free Space | 37,72% Space Free | Partition Type: NTFS
Computer Name: USER-6D961DF72B | User Name: Dauber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.14 21:06:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dauber\Desktop\OTL.exe
PRC - [2011.06.28 12:51:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.25 11:06:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.28 15:10:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 18:17:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.)
-- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe PRC - [2006.07.25 21:05:58 | 000,372,736 | ---- | M] (SANYO Electric Co., Ltd.) -- C:\Programme\SANYO\XactiScreenCapture\SetClip.exe PRC - [2006.03.06 18:48:46 | 000,286,720 | ---- | M] () -- C:\Programme\Lexmark 3400 Series\lxcymon.exe PRC - [2006.02.20 20:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe PRC - [2006.02.07 06:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 3400 Series\ezprint.exe PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe PRC - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2004.09.30 07:44:26 | 007,957,504 | ---- | M] (VIA Technologies, Inc.) -- C:\Programme\VIAudioi\SBADeck\ADeck.exe PRC - [2004.08.27 19:22:38 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Autodetector\Monitor.exe PRC - [2004.08.24 16:26:34 | 000,671,744 | ---- | M] (D-Link) -- C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE PRC - [2004.07.30 17:50:24 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2004.01.15 13:33:44 | 000,049,152 | R--- | M] (S3 Graphics, Inc.) 
-- C:\WINDOWS\system32\VTTimer.exe PRC - [2002.05.03 09:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe PRC - [2001.12.10 17:34:06 | 000,020,739 | ---- | M] (BVRP Software) -- C:\Programme\Classic PhoneTools\capFax.exe ========== Modules (No Company Name) ========== MOD - [2012.01.02 01:36:20 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2011.10.13 23:53:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.05.04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll MOD - [2011.05.04 23:02:42 | 001,558,120 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nView.dll MOD - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe MOD - [2010.01.28 11:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.10.23 17:01:58 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2009.04.09 11:38:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\SearchRequire.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2007.05.31 14:50:48 | 000,758,272 | ---- | M] () -- C:\Programme\PdfGrabber 4.0\PdfGrabberShellExt2.dll MOD - [2006.03.06 18:52:58 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxcycaps.dll MOD - [2006.03.06 18:52:58 | 000,065,536 | ---- | M] () -- C:\Programme\Lexmark 3400 Series\lxcycaps.dll MOD - [2006.03.06 18:51:28 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxcydrs.dll MOD - [2006.03.06 18:48:46 | 000,286,720 | ---- | M] () -- C:\Programme\Lexmark 3400 Series\lxcymon.exe MOD - [2006.03.06 18:48:10 | 
000,274,432 | ---- | M] () -- C:\Programme\Lexmark 3400 Series\lxcyscw.dll MOD - [2006.02.13 14:04:20 | 000,143,360 | ---- | M] () -- C:\Programme\Lexmark 3400 Series\lxcydrec.dll MOD - [2006.02.02 09:24:56 | 000,012,288 | ---- | M] () -- C:\Programme\Lexmark Fax Solutions\fxctrstr.dll MOD - [2006.02.02 09:12:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL MOD - [2006.02.02 09:10:20 | 000,032,768 | ---- | M] () -- C:\Programme\Lexmark Fax Solutions\ipcmt.dll MOD - [2006.01.25 23:11:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\lxcycnv4.dll MOD - [2006.01.25 17:27:42 | 000,241,664 | ---- | M] () -- C:\Programme\Lexmark 3400 Series\iptk.dll MOD - [2006.01.12 15:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcypp5c.dll MOD - [2005.03.04 10:47:18 | 000,155,648 | ---- | M] () -- C:\Programme\FRITZ!DSL\SSLEAY32.DLL MOD - [2005.03.04 10:46:44 | 000,790,528 | ---- | M] () -- C:\Programme\FRITZ!DSL\LIBEAY32.DLL MOD - [2004.08.20 18:09:14 | 000,086,016 | ---- | M] () -- C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\ExtWLANConfig.dll MOD - [2004.07.30 17:50:24 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Autodetector\DetMethod.dll MOD - [2004.04.19 10:31:02 | 000,032,768 | ---- | M] () -- C:\Programme\VIAudioi\SBADeck\ExtendDll.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.06.28 12:51:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.28 15:10:06 | 000,136,360 | ---- | M] (Avira GmbH) 
[Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.02.20 20:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.03.04 10:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - [2011.07.07 05:47:33 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP) DRV - [2011.06.28 12:51:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 12:51:34 | 000,066,616 | 
---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.05.22 13:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 09:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.08.05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.06.28 11:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.06.28 11:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.06.28 11:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.06.28 11:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006.02.23 10:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32) DRV - [2004.10.29 12:52:48 | 000,413,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2004.09.06 09:01:56 | 000,161,536 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM) DRV - [2004.08.20 18:09:14 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3) DRV - [2004.08.20 18:09:14 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2004.05.21 15:59:54 | 000,283,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GPLUS.sys -- (TNET1130) DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2002.12.18 10:10:50 | 000,153,984 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWCD2.sys -- (HSFHWCD2) DRV - [2002.12.18 10:09:54 | 000,585,856 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2002.12.18 10:08:00 | 001,067,008 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA F9 5D 24 3B C7 C9 01 [binary data] IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - 
HKU\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@ei.SmileyCentral_1v.com/Plugin: C:\Programme\SmileyCentral_1vEI\Installr\1.bin\NP1vEISB.dll (SmileyCentral) FF - HKLM\Software\MozillaPlugins\@eleco.com/o2cplayer: C:\Programme\o2c Player\npO2CPlayer.DLL (Eleco plc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.25 11:07:24 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,795 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CapFax] C:\Programme\Classic PhoneTools\capFax.exe (BVRP Software) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FaxCenterServer] C:\Programme\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL () O4 - HKLM..\Run: [lxcymon.exe] C:\Programme\Lexmark 3400 Series\lxcymon.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\Autodetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004..\Run: [ffdwnd] C:\Dokumente und Einstellungen\Dauber\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\firefox.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE (D-Link) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Xacti Screen Capture 1.0.lnk = C:\WINDOWS\Installer\{57134099-FE12-4B1A-BB4A-80CCB04EBBE6}\_4ae13d6c.exe () O4 - Startup: C:\Dokumente und Einstellungen\Dauber\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-21-1214440339-2111687655-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Save Page As PDF ... - C:\Programme\Nitro PDF\PDF Download\nitroweb.htm () O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O15 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150054455562 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ACF02D9-DD9B-4DAE-A010-962D0852DEA3}: DhcpNameServer = 78.42.43.62 82.212.62.62 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Dauber\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Dauber\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.05.18 16:29:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\Shell - "" = AutoRun O33 - MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\Shell - "" = AutoRun O33 - MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group 
SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - 
Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB86EC62-CEA7-4C82-9EBA-B7A5E410E54C} - Reg Error: Value error. ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - 
C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys. [2012.02.16 10:08:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.02.15 23:03:51 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.02.14 21:06:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dauber\Desktop\OTL.exe [2012.02.13 11:30:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dauber\Lokale Einstellungen\Anwendungsdaten\Mozilla [2012.01.26 19:55:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dauber\4.0 [2012.01.26 19:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dauber\.tfo4 [2009.04.09 11:38:00 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [2006.09.16 20:47:01 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll [2006.09.16 20:47:00 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll [2006.09.16 20:44:00 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll [2006.09.16 20:44:00 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll [2006.09.16 20:43:59 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll [2006.09.16 20:43:59 | 000,163,840 | ---- | C] ( ) -- 
C:\WINDOWS\System32\lxcyprox.dll [2006.09.16 20:43:59 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll [2006.09.16 20:43:58 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyih.exe [2006.09.16 20:43:57 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll [2006.09.16 20:43:56 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycoms.exe [2006.09.16 20:43:56 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll [2006.09.16 20:43:55 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll [2006.09.16 20:43:55 | 000,385,024 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycfg.exe [2006.06.12 08:02:36 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2006.06.12 08:02:36 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2006.06.12 08:02:36 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys. 
[2012.02.16 16:39:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.16 16:39:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.16 09:52:14 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2012.02.16 04:43:03 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job [2012.02.15 22:59:58 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2111687655-839522115-1004.job [2012.02.15 22:59:57 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2111687655-839522115-1004.job [2012.02.15 20:08:47 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.02.15 19:32:19 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Xacti Screen Capture 1.0.lnk [2012.02.15 19:31:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.02.14 21:06:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dauber\Desktop\OTL.exe [2012.02.14 17:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2012.02.13 11:14:55 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.02.10 17:15:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.02.06 09:02:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.02.04 10:51:54 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.21 09:05:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.01.17 21:49:28 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.17 21:49:28 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.17 21:49:28 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.17 21:49:28 | 000,067,740 | ---- | M] () -- 
C:\WINDOWS\System32\perfc009.dat [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.04 10:51:54 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2011.07.11 13:39:34 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.07.11 13:39:34 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.07.11 13:39:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.07.07 05:48:12 | 000,009,532 | ---- | C] () -- C:\WINDOWS\System32\drivers\808B18A5.bin [2011.07.07 05:47:33 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys [2011.07.06 11:25:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2011.07.06 11:25:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe [2011.07.06 11:25:17 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2011.07.06 11:24:41 | 000,697,926 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011.07.06 11:24:41 | 000,046,825 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011.05.21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.03.06 00:19:30 | 000,119,400 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.03 16:27:53 | 000,046,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.04.09 11:38:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SearchRequire.dll [2008.12.21 12:13:45 | 000,205,758 | ---- | C] () -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\mdbu.bin [2008.07.16 18:09:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008.01.04 12:36:34 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.06.10 15:38:32 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\OpPrintServer.INI [2007.06.10 15:35:45 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL [2007.01.17 19:43:45 | 000,000,517 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2007.01.17 19:43:00 | 000,000,239 | ---- | C] () -- C:\WINDOWS\KLETT.INI [2007.01.17 19:42:50 | 000,001,264 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.01.06 00:03:48 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI [2007.01.05 15:15:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini [2007.01.05 15:13:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini [2007.01.05 15:06:36 | 000,006,633 | R--- | C] () -- C:\WINDOWS\System32\drivers\firmware.bin [2007.01.05 13:48:41 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.09.16 20:47:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll [2006.09.16 20:46:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll [2006.09.16 20:46:19 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll [2006.09.16 20:46:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll [2006.09.16 20:46:18 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll [2006.09.16 20:45:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2006.09.16 20:45:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2006.09.16 20:44:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll [2006.06.12 08:02:38 | 000,286,720 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2006.06.12 08:02:37 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys [2006.06.12 08:02:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd3.dll [2006.06.12 08:02:37 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2006.06.12 08:02:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe [2006.04.25 10:31:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll [2006.04.01 10:27:13 | 000,030,720 | ---- 
| C] () -- C:\Dokumente und Einstellungen\Dauber\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.01.03 15:59:31 | 000,000,598 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.01.03 13:36:36 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2005.10.14 18:26:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005.10.09 18:17:53 | 000,006,850 | R--- | C] () -- C:\WINDOWS\Disktool.INI [2005.10.09 18:17:53 | 000,006,057 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini [2005.10.09 18:17:53 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI [2005.05.25 13:58:53 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2005.05.18 17:00:39 | 000,283,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\GPLUS.sys [2005.05.18 17:00:39 | 000,084,644 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin [2005.05.18 17:00:39 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin [2005.05.18 16:47:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll [2005.05.18 16:39:40 | 000,004,429 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.05.18 16:38:27 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.05.18 16:32:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.05.18 16:25:56 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,448,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- 
C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,080,338 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011.07.06 11:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BDE [2011.09.29 20:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService [2011.11.12 16:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.07.07 05:45:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet [2011.07.04 21:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RegCure [2011.11.06 12:58:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2007.01.05 15:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2007.01.05 23:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2009.03.17 07:57:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011.01.20 19:34:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.11.05 14:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.04.10 18:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011.08.08 10:33:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC3827BC-FEE6-47F6-A08C-EAFB1CE3AA56} [2011.08.08 10:32:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DA8DD039-AEE2-4D03-83AC-B1E508D4A724} [2011.11.08 20:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular [2011.07.11 14:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\FRITZ! [2005.07.10 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Leadertech [2009.03.08 12:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\OpenOffice.org [2011.07.07 05:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\PixelPlanet [2007.01.05 15:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\TuneUp Software [2007.01.06 00:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Ulead Systems [2009.06.23 15:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Windows Live Writer [2012.02.10 17:15:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.02.15 20:08:47 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012.02.14 17:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2012.02.16 09:52:14 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2012.02.16 04:43:03 | 000,000,358 | ---- | 
M] () -- C:\WINDOWS\Tasks\RegCure.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.08 10:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Adobe [2005.11.05 16:19:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\AdobeAUM [2008.07.16 14:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\AdobeUM [2011.01.20 19:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Apple Computer [2010.06.12 12:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Avira [2006.04.25 09:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\CyberLink [2011.11.08 20:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular [2010.07.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\FaxCtr [2011.07.11 14:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\FRITZ! 
[2009.10.10 15:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Google [2011.09.20 08:42:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Help [2005.05.18 16:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Identities [2007.01.06 00:00:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Kodak [2005.07.10 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Leadertech [2005.08.02 15:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Macromedia [2011.07.04 14:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Malwarebytes [2011.08.10 14:23:47 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Microsoft [2009.03.08 12:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\OpenOffice.org [2009.03.08 12:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\OpenOffice.org2 [2011.07.07 05:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\PixelPlanet [2011.06.25 11:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Real [2011.09.05 20:06:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Skype [2011.09.05 15:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\skypePM [2005.12.31 17:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Sun [2007.01.05 13:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Symantec [2007.01.05 15:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\TuneUp Software [2011.12.22 15:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Dauber\Anwendungsdaten\U3 [2007.01.06 00:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Ulead Systems [2009.06.23 15:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Windows Live Writer < %APPDATA%\*.exe /s > [2007.08.28 07:22:15 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2008.07.16 14:37:57 | 022,319,360 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe [2012.02.04 12:35:59 | 004,891,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\install_dfv12.exe [2012.02.04 12:37:10 | 004,944,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\install_lsta12.exe [2012.02.04 12:38:25 | 005,149,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\install_lstb12.exe [2012.02.04 12:33:34 | 005,545,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\install_par34a11.exe [2012.02.04 12:34:47 | 005,026,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\install_ust11.exe [2012.02.04 12:39:38 | 004,939,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\install_ustva12.exe [2012.02.04 12:30:09 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe [2012.02.04 12:44:42 | 004,449,656 | 
---- | M] (Landesfinanzdirektion Thueringen) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\elsterformular\pluginmanager\tmp\update_ustva_11_7094_8086.exe [2011.08.08 10:50:57 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.07.07 05:45:03 | 000,069,632 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Microsoft\Installer\{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}\ARPPRODUCTICON.exe [2011.07.07 05:45:03 | 000,021,886 | R--- | M] () -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Microsoft\Installer\{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}\NewShortcut1_27DC6280A26D4B449D41574FE91C22D3.exe [2011.07.07 05:45:03 | 000,069,632 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Microsoft\Installer\{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}\NewShortcut3_4859F549FCFC42FFBF9587D90140A3FB.exe [2011.07.07 05:45:03 | 000,069,632 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Microsoft\Installer\{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}\NewShortcut5_263C52C36CC74A01820415746500FF86.exe [2011.01.23 20:03:36 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Real\Update\setup3.13\setup.exe [2011.11.14 16:42:29 | 000,317,048 | ---- | M] (RealNetworks, Inc.) 
-- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Dauber\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.09.20 09:52:34 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.09.20 09:52:34 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.09.20 09:52:34 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.09.20 09:52:34 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 13:00:00 | 
000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) 
MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- 
C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.06.11 19:20:48 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.06.11 17:12:13 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2006.06.11 19:20:48 | 013,893,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.06.11 19:20:49 | 003,145,728 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C3AE45C9
< End of report >
Kriszi |
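The "< MD5 for: ... >" blocks in the OTL log above list every copy of a core system file together with its MD5. The check a responder makes from them is whether the copy that actually runs (in system32 or system32\drivers) still matches the pristine reference Windows keeps in ServicePackFiles\i386 or system32\dllcache; a rootkit that patches atapi.sys or winlogon.exe in place shows up as exactly that mismatch. The following Python is an added example, not code from the thread or from OTL: it parses two groups excerpted from the log above plus one constructed, deliberately mismatching sample (the DEADBEEF hash is made up). The $NtServicePackUninstall$ copies are the pre-SP3 versions and legitimately differ, so they are ignored; the winlogon.exe under the Malwarebytes Chameleon folder is not a system file and is ignored for the same reason.

```python
import re
from collections import defaultdict

# Entries excerpted from the OTL log posted above (two of its "< MD5 for: ... >" groups).
OTL_MD5_EXCERPT = r"""
< MD5 for: ATAPI.SYS >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: WINLOGON.EXE >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
"""

# Constructed sample (not from the page): the live atapi.sys no longer matches the
# Service Pack reference copy, which is what an in-place patched driver looks like.
TAMPERED_EXCERPT = r"""
< MD5 for: ATAPI.SYS >
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2011.11.02 08:15:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# [date time | size | attrs | flag] (company) [MD5=hash] [.cab file] -- path
ENTRY = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[\w-]+) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?.*?-- (?P<path>.+)$"
)

# Where the running copy lives versus where Windows keeps its pristine references.
LIVE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}
REF_DIRS = {r"c:\windows\servicepackfiles\i386", r"c:\windows\system32\dllcache"}


def parse_md5_groups(text):
    """Return {file name: [entry, ...]} for every '< MD5 for: NAME >' block.
    Lines without an MD5 (the .cab container hits) are skipped."""
    groups = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            current = head.group("name").lower()
            continue
        entry = ENTRY.match(line)
        if current and entry and entry.group("md5"):
            groups[current].append({
                "path": entry.group("path"),
                "dir": entry.group("path").rsplit("\\", 1)[0].lower(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
            })
    return groups


def audit(text):
    """Compare each live system32 copy with its Service Pack / dllcache reference.
    Returns {file name: 'ok' | 'MISMATCH: ...' | explanation}."""
    report = {}
    for name, entries in parse_md5_groups(text).items():
        live = [e for e in entries if e["dir"] in LIVE_DIRS]
        refs = [e for e in entries if e["dir"] in REF_DIRS]
        if not live:
            report[name] = "no copy in system32 listed"
            continue
        if not refs:
            report[name] = "no reference copy listed; verify the hash against a clean install"
            continue
        ref_hashes = {e["md5"] for e in refs}
        bad = [e for e in live if e["md5"] not in ref_hashes]
        if bad:
            report[name] = "MISMATCH: %s MD5=%s, reference %s" % (
                bad[0]["path"], bad[0]["md5"], ",".join(sorted(ref_hashes)))
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for sample in (OTL_MD5_EXCERPT, TAMPERED_EXCERPT):
        for name, status in sorted(audit(sample).items()):
            print("%-14s %s" % (name, status))
```

Run as a script it prints "ok" for both files from this thread and a MISMATCH line for the constructed sample. A match against the Service Pack reference is a useful first filter on an XP box, not proof of integrity: MD5 collisions are practical, and a kernel-mode rootkit can hide the real file from user-mode readers, which is why the thread moves on to TDSSKiller afterwards.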
16.02.2012, 20:58 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black window: "Your system has been blocked for security reasons" Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA F9 5D 24 3B C7 C9 01 [binary data]
IE - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@ei.SmileyCentral_1v.com/Plugin: C:\Programme\SmileyCentral_1vEI\Installr\1.bin\NP1vEISB.dll (SmileyCentral)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004..\Run: [ffdwnd] C:\Dokumente und Einstellungen\Dauber\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\firefox.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\Dauber\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-2111687655-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.05.18 16:29:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\Shell - "" = AutoRun
O33 - MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\Shell - "" = AutoRun
O33 - MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C3AE45C9
:Files
C:\WINDOWS\System32\drivers\mshcmd.sys
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was written for this one user in this one situation only. It cannot be transferred to any other computer and must not be used anywhere else, since it can permanently damage the system!
__________________ |
17.02.2012, 10:36 | #19 |
| Black window: "Your system has been blocked for security reasons" Hello Cosinus, here is the log file: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.SmileyCentral_1v.com/Plugin\ deleted successfully. C:\Programme\SmileyCentral_1vEI\Installr\1.bin\NP1vEISB.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully. C:\Programme\Lexmark Toolbar\toolband.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully. File move failed. C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a194578-81ea-4850-9911-13ba2d71efbd}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a194578-81ea-4850-9911-13ba2d71efbd}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. C:\Programme\Google\Google Toolbar\GoogleToolbar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully. C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll moved successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. File C:\Programme\Lexmark Toolbar\toolband.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully. File C:\Programme\Google\Google Toolbar\GoogleToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully. File WebPrint\Toolband.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully. 
Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. File C:\Programme\Lexmark Toolbar\toolband.dll not found. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. File C:\Programme\Google\Google Toolbar\GoogleToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found. 
Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully. C:\Dokumente und Einstellungen\Dauber\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ICQ Toolbar Search\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70da52fc-ead4-11e0-aace-001109c64412}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70da52fc-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70da52fc-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70da52fc-ead4-11e0-aace-001109c64412}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70da52fe-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70da52fe-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70da52fe-ead4-11e0-aace-001109c64412}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70da52fe-ead4-11e0-aace-001109c64412}\ not found. File G:\AutoRun.exe not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C3AE45C9 deleted successfully. ========== FILES ========== File\Folder C:\WINDOWS\System32\drivers\mshcmd.sys not found. 
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Dauber
->Temp folder emptied: 133998882 bytes
->Temporary Internet Files folder emptied: 89515446 bytes
->Java cache emptied: 93273884 bytes
->Apple Safari cache emptied: 2292736 bytes
->Flash cache emptied: 56943 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 2816536 bytes
->Temporary Internet Files folder emptied: 90952310 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4249097 bytes
%systemroot%\System32 .tmp files removed: 930183 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96078283 bytes
RecycleBin emptied: 7095998 bytes
Total Files Cleaned = 497,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret < => in the current context!
OTL by OldTimer - Version 3.2.31.0 log created on 02172012_100907
Files\Folders moved on Reboot...
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\TMP00000011B9576A56B0067697 not found!
Registry entries deleted on Reboot...
Regards, Kriszi |
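A fix log like the one above is easy to skim and easy to misread: "deleted successfully" and "moved successfully" are the expected results, while the "not found", "scheduled to be moved on reboot" and "Error:" lines are what decide whether the fix actually took. In this log the :Files target mshcmd.sys came back "not found", one in-use DLL was deferred to the reboot, and OTL reported one line of the script it could not interpret. The following Python is an added example, not part of the thread or of OTL: it classifies the result lines of an OTL fix log (fed with lines excerpted from the log above, one of each outcome) and lists the results that still need a human decision.

```python
import re
from collections import Counter

# Lines excerpted from the OTL fix log posted above, one of each outcome OTL reports.
FIX_LOG_EXCERPT = r"""
All processes killed
========== OTL ==========
HKU\S-1-5-21-1214440339-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\SmileyCentral_1vEI\Installr\1.bin\NP1vEISB.dll moved successfully.
File move failed. C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File C:\Programme\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C3AE45C9 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\drivers\mshcmd.sys not found.
========== COMMANDS ==========
HOSTS file reset successfully
Error: Unable to interpret < => in the current context!
"""

SECTION = re.compile(r"^=+ (?P<name>\w+) =+$")

# Ordered: the more specific shapes first, because "moved successfully" also ends
# the generic file line and "not found" appears with several prefixes.
RULES = [
    ("value_set", re.compile(r"^(?P<obj>.+?)\| /E : value set successfully!$")),
    ("deferred_to_reboot", re.compile(r"^File move failed\. (?P<obj>.+?) scheduled to be moved on reboot\.$")),
    ("deleted", re.compile(r"^(?:Registry key|Registry value|ADS) (?P<obj>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<obj>.+?) moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry key|Registry value|File\\Folder|File) (?P<obj>.+?) not found\.$")),
    ("hosts_reset", re.compile(r"^HOSTS file reset successfully$")),
    ("error", re.compile(r"^Error: (?P<obj>.+)$")),
]

# Outcomes that mean the target was not where the script said, the file was in use,
# or OTL could not parse a script line; each needs a decision, not a shrug.
FOLLOW_UP = {"not_found", "deferred_to_reboot", "error"}


def parse_fix_log(text):
    """Return [(section, outcome, object), ...] for every recognised result line."""
    events, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head.group("name")
            continue
        for outcome, pattern in RULES:
            m = pattern.match(line)
            if m:
                events.append((section, outcome, m.groupdict().get("obj", "")))
                break
    return events


def summarize(events):
    """Counts per outcome plus the list of items that still need a human decision."""
    counts = Counter(outcome for _, outcome, _ in events)
    follow_up = [(s, o, obj) for s, o, obj in events if o in FOLLOW_UP]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(parse_fix_log(FIX_LOG_EXCERPT))
    for outcome, n in sorted(counts.items()):
        print("%-20s %d" % (outcome, n))
    print("follow up:")
    for section, outcome, obj in follow_up:
        print("  [%s] %s: %s" % (section, outcome, obj))
```

A "not found" under FILES, as for mshcmd.sys here, means the driver was not on disk by the time the fix ran (already gone, or never present under that name), so it is worth confirming with a second scan rather than assuming it was removed; a "deferred to reboot" item only counts as done once the "Files\Folders moved on Reboot" section reports it moved.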
17.02.2012, 11:40 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black window: "Your system has been blocked for security reasons" Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan", and when it has finished click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
17.02.2012, 13:46 | #21 |
| Black window: "Your system has been blocked for security reasons" Hello Cosinus, it took a while, but here, finally, is the log file: Code:
ATTFilter 13:34:20.0406 2032 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 13:34:20.0546 2032 ============================================================ 13:34:20.0546 2032 Current date / time: 2012/02/17 13:34:20.0546 13:34:20.0546 2032 SystemInfo: 13:34:20.0546 2032 13:34:20.0546 2032 OS Version: 5.1.2600 ServicePack: 3.0 13:34:20.0546 2032 Product type: Workstation 13:34:20.0546 2032 ComputerName: USER-6D961DF72B 13:34:20.0546 2032 UserName: Dauber 13:34:20.0546 2032 Windows directory: C:\WINDOWS 13:34:20.0546 2032 System windows directory: C:\WINDOWS 13:34:20.0546 2032 Processor architecture: Intel x86 13:34:20.0546 2032 Number of processors: 1 13:34:20.0546 2032 Page size: 0x1000 13:34:20.0546 2032 Boot type: Normal boot 13:34:20.0546 2032 ============================================================ 13:34:23.0781 2032 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:34:23.0812 2032 \Device\Harddisk0\DR0: 13:34:23.0828 2032 MBR used 13:34:23.0828 2032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1 13:34:23.0859 2032 Initialize success 13:34:23.0859 2032 ============================================================ 13:35:19.0093 2556 ============================================================ 13:35:19.0093 2556 Scan started 13:35:19.0093 2556 Mode: Manual; SigCheck; TDLFS; 13:35:19.0093 2556 ============================================================ 13:35:19.0312 2556 Abiosdsk - ok 13:35:19.0375 2556 abp480n5 - ok 13:35:19.0468 2556 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:35:21.0609 2556 ACPI - ok 13:35:21.0703 2556 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 13:35:21.0921 2556 ACPIEC - ok 13:35:22.0000 2556 adpu160m - ok 13:35:22.0109 2556 aec (8bed39e3c35d6a489438b8141717a557) 
C:\WINDOWS\system32\drivers\aec.sys 13:35:22.0312 2556 aec - ok 13:35:22.0421 2556 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 13:35:22.0500 2556 AFD - ok 13:35:22.0578 2556 Aha154x - ok 13:35:22.0640 2556 aic78u2 - ok 13:35:22.0718 2556 aic78xx - ok 13:35:22.0812 2556 AliIde - ok 13:35:22.0890 2556 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys 13:35:23.0109 2556 AmdK7 - ok 13:35:23.0203 2556 amsint - ok 13:35:23.0343 2556 asc - ok 13:35:23.0390 2556 asc3350p - ok 13:35:23.0453 2556 asc3550 - ok 13:35:23.0578 2556 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:35:23.0781 2556 AsyncMac - ok 13:35:23.0937 2556 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 13:35:24.0156 2556 atapi - ok 13:35:24.0234 2556 Atdisk - ok 13:35:24.0343 2556 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:35:24.0546 2556 Atmarpc - ok 13:35:24.0734 2556 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 13:35:24.0968 2556 audstub - ok 13:35:25.0109 2556 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 13:35:25.0109 2556 avgio - ok 13:35:25.0218 2556 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:35:25.0265 2556 avgntflt - ok 13:35:25.0390 2556 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:35:25.0437 2556 avipbb - ok 13:35:25.0609 2556 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 13:35:25.0875 2556 Beep - ok 13:35:26.0062 2556 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 13:35:26.0343 2556 cbidf2k - ok 13:35:26.0453 2556 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:35:26.0656 2556 CCDECODE - ok 13:35:26.0718 2556 cd20xrnt - ok 13:35:26.0828 2556 Cdaudio 
Kriszi |
17.02.2012, 14:29 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black window: Your system has been blocked for security reasons Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
17.02.2012, 15:34 | #23 |
| Black window: Your system has been blocked for security reasons Hello Cosinus, here are the contents of the ComboFix.txt log file (did I understand correctly that this time no submission in code tags was required?): ________________________________________________________________ Combofix Logfile: Code:
Regards, Kriszi |
17.02.2012, 17:48 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black window: Your system has been blocked for security reasons OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
17.02.2012, 18:21 | #25 |
| Black window: For security reasons your system has been blocked Hello Cosinus, I have neither WINRAR nor 7ZIP. From which website can they be downloaded safely? Won't installing a new product on the hard disk affect the whole search and analysis process, since there are new elements on it? Regards, Kriszi |
17.02.2012, 18:23 | #26 |
| Black window: For security reasons your system has been blocked By "new products" I mean WinRAR and 7zip, not the tools. |
17.02.2012, 18:49 | #28 |
| Black window: For security reasons your system has been blocked Yes, I can google. I just wanted to be careful, since you are in the middle of cleaning my hard disk, and not download new junk from some unsafe website. |
17.02.2012, 19:44 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black window: For security reasons your system has been blocked You don't download things from just anywhere; wherever possible you get them directly from the manufacturer. It's that simple. The tool for that is no magic, just a search engine and a bit of initiative of your own!
__________________ Please always post logfiles in CODE tags |
18.02.2012, 11:02 | #30 |
| Black window: For security reasons your system has been blocked Hello Cosinus, here is the GMER log, after the GMER scan took hours (it did not crash, it simply needed about 4 hours): GMER Logfile: Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-18 09:28:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00FJA0 rev.13.03G13
Running: tunzpgx2.exe; Driver: C:\DOKUME~1\Dauber\LOKALE~1\Temp\agnyrpod.sys

---- System - GMER 1.0.15 ----

SSDT F7DB048C ZwClose
SSDT F7DB0446 ZwCreateKey
SSDT F7DB0496 ZwCreateSection
SSDT F7DB043C ZwCreateThread
SSDT F7DB044B ZwDeleteKey
SSDT F7DB0455 ZwDeleteValueKey
SSDT F7DB0487 ZwDuplicateObject
SSDT F7DB045A ZwLoadKey
SSDT F7DB0428 ZwOpenProcess
SSDT F7DB042D ZwOpenThread
SSDT F7DB0464 ZwReplaceKey
SSDT F7DB045F ZwRestoreKey
SSDT F7DB049B ZwSetContextThread
SSDT F7DB0450 ZwSetValueKey
SSDT F7DB0437 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5FD53A0, 0x88C445, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB16AC400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB1750620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB1750620]
.protectÿÿÿÿhardlockunknown last code section [0xB1750400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB1750400, 0x5126, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[724] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device \Driver\Hardlock \Device\HLVol XHASP.sys
Device \Driver\Hardlock \Device\FNT0 XHASP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
The OSAM log will follow shortly. Regards, Kriszi |
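As an added triage example, not code from this thread, from GMER or from trojaner-board: a small Python parser for the GMER 1.0.15 log layout quoted in the post above. The sample input is constructed from lines of that log; the regular expressions are an assumption about GMER's text format derived only from those lines, and the hook grouping, PE flag decoding and patch check are an analyst's follow-up steps, not GMER features.

```python
"""Triage helper for a GMER rootkit-scan log (added example, not GMER's own code).

The regular expressions are an assumption about the GMER 1.0.15 text layout,
derived only from the lines quoted in the post above.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log posted above, shortened.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-18 09:28:01

---- System - GMER 1.0.15 ----

SSDT F7DB048C ZwClose
SSDT F7DB0446 ZwCreateKey
SSDT F7DB0428 ZwOpenProcess
SSDT F7DB0437 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5FD53A0, 0x88C445, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB16AC400, 0x87EE2, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[724] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device \Driver\Hardlock \Device\HLVol XHASP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

HEADER_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)$")
WRITEABLE_RE = re.compile(
    r"^\.text\s+(.+?)\s+section is writeable\s+\[(0x[0-9A-Fa-f]+),\s*(0x[0-9A-Fa-f]+),\s*(0x[0-9A-Fa-f]+)\]$")
INLINE_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+)!(\w+)\s+([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes\s+\[([^\]]*)\](?:\s+\{(.*)\})?$")
DEVICE_RE = re.compile(r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?$")

# PE section characteristics (IMAGE_SCN_* constants), in ascending bit order.
SECTION_FLAGS = [(0x20, "CNT_CODE"), (0x08000000, "MEM_NOT_PAGED"), (0x20000000, "MEM_EXECUTE"),
                 (0x40000000, "MEM_READ"), (0x80000000, "MEM_WRITE")]

NOOP_RET4 = bytes.fromhex("33C0C20400")  # xor eax,eax ; ret 4  (the bytes GMER disassembled above)


def parse_gmer_log(text):
    """Split a GMER log into typed findings; anything unrecognised lands in 'unparsed'."""
    out = {"ssdt_hooks": [], "writeable_sections": [], "inline_hooks": [], "devices": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := HEADER_RE.match(line)):
            section = m.group(1)
            continue
        if section is None or section == "EOF":
            continue  # banner lines before the first section, or the trailer
        if (m := SSDT_RE.match(line)):
            out["ssdt_hooks"].append({"address": int(m.group(1), 16), "function": m.group(2)})
        elif (m := WRITEABLE_RE.match(line)):
            out["writeable_sections"].append({"module": m.group(1), "base": int(m.group(2), 16),
                                              "size": int(m.group(3), 16), "characteristics": int(m.group(4), 16)})
        elif (m := INLINE_RE.match(line)):
            out["inline_hooks"].append({"process": m.group(1), "pid": int(m.group(2)), "module": m.group(3),
                                        "export": m.group(4), "address": int(m.group(5), 16),
                                        "patch": bytes.fromhex(m.group(7).replace(",", "").replace(" ", "")),
                                        "disasm": m.group(8)})
        elif (m := DEVICE_RE.match(line)):
            out["devices"].append({"kind": m.group(1), "driver": m.group(2), "device": m.group(3),
                                   "image": m.group(4), "owner": m.group(5)})
        else:
            out["unparsed"].append(line)
    return out


def group_ssdt_hooks(hooks):
    """Group hooked services by the 4 KiB page their handler lies in: hooks that all
    fall into one page were installed by one driver, which must then be identified."""
    pages = defaultdict(list)
    for h in hooks:
        pages[h["address"] & ~0xFFF].append(h["function"])
    return {page: sorted(names) for page, names in pages.items()}


def section_flags(characteristics):
    """Decode the characteristics value GMER prints as the third bracket entry."""
    return [name for mask, name in SECTION_FLAGS if characteristics & mask]


def is_noop_ret_patch(patch):
    """True if the inline patch turns the export into 'return 0' (xor eax,eax; ret 4)."""
    return patch == NOOP_RET4


if __name__ == "__main__":
    report = parse_gmer_log(SAMPLE_GMER_LOG)
    for page, names in group_ssdt_hooks(report["ssdt_hooks"]).items():
        print(f"SSDT hooks in page {page:#010x}: {', '.join(names)}")
    for sec in report["writeable_sections"]:
        print(f"writeable code in {sec['module']}: {'|'.join(section_flags(sec['characteristics']))}")
    for hook in report["inline_hooks"]:
        print(f"{hook['process']} patches {hook['module']}!{hook['export']}: noop-ret={is_noop_ret_patch(hook['patch'])}")
```

What the three follow-ups buy an analyst reading this log: every SSDT hook lands in the same 4 KiB page (0xF7DB0000), so one driver installed all of them; that is what a single on-access scanner looks like and also what a kernel rootkit looks like, so the page has to be mapped to a loaded driver before the log is judged. The 0xE8000020 characteristics decode to CODE|NOT_PAGED|EXECUTE|READ|WRITE, i.e. a code section that is also writeable, which is worth a second look for any driver but is also how packed or protected drivers present. The 5-byte patch in the RealPlayer updater decodes to xor eax,eax; ret 4, meaning the process neutered its own SetUnhandledExceptionFilter; that is flagged for review, not condemned, because GMER itself attributes it to a known process.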