Pests of all kinds and how to fight them: 50€ virus is blocking my Windows XP, as with other users |
23.03.2012, 19:43 | #1 |
| I'm in the same situation as several other users here. I seem to have caught a virus that locks my Windows XP. A window opens that cannot be closed, and none of the Windows buttons can be used; a German flag is visible at the top. The text says that the PC had to be locked because of too much pornographic content etc., since the system is at a critical limit. You are then supposed to pay money for an extra antivirus program so that the problem is fixed. Several antivirus programs are shown at the bottom, such as AntiVir, McAfee etc... How do I need to proceed to get my problem fixed? Many thanks in advance for your answers |
25.03.2012, 16:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Does safe mode with networking still work? With an internet connection?
Safe mode for cleanup
__________________ |
25.03.2012, 16:47 | #3 |
| Safe mode works and I'm in it now. I had 2 accounts to choose from to log in with: Administrator and the account Housemaus.
I'm now on the Administrator account. The internet works. |
25.03.2012, 17:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, if that mode works, you'll first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes has to be updated manually before every scan! In addition, all finds must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
25.03.2012, 20:12 | #5 |
| Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.02

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Administrator :: MAUS [Administrator]

25.03.2012 20:49:18
mbam-log-2012-03-25 (20-49-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 448996
Laufzeit: 1 Stunde(n), 14 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Temp\0.252116531958566.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dbe1378162d97f42a5051363bf01e91d
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 09:26:24
# local_time=2012-03-25 11:26:24 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775130 100 93 942085 69245233 942823 0
# compatibility_mode=8192 67108863 100 0 719 719 0 0
# scanned=128570
# found=0
# cleaned=0
# scan_time=2374
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dbe1378162d97f42a5051363bf01e91d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 11:27:57
# local_time=2012-03-26 01:27:57 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775130 100 93 945128 69248276 945866 0
# compatibility_mode=8192 67108863 100 0 3762 3762 0 0
# scanned=246641
# found=1
# cleaned=0
# scan_time=6624
E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean) 00000000000000000000000000000000 I |
26.03.2012, 12:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Does normal mode work again? If so, make a new OTL log in that mode. CustomScan with OTL: If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
26.03.2012, 20:37 | #7 |
| Normal mode works again, but AntiVir can no longer be started. I'm now running the OTL scan. Code:
ATTFilter OTL logfile created on: 26.03.2012 21:39:08 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = E:\Dokumente und Einstellungen\Housemaus\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,64% Memory free 3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,05% Paging File free Paging file location(s): E:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme Drive C: | 100,00 Mb Total Space | 63,41 Mb Free Space | 63,41% Space Free | Partition Type: NTFS Drive D: | 116,87 Gb Total Space | 54,78 Gb Free Space | 46,87% Space Free | Partition Type: NTFS Drive E: | 69,33 Gb Total Space | 16,98 Gb Free Space | 24,50% Space Free | Partition Type: NTFS Computer Name: MAUS | User Name: Housemaus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.26 21:37:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Housemaus\Desktop\OTL.exe PRC - [2012.03.16 22:21:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) 
-- E:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.03.16 22:21:10 | 001,969,080 | ---- | M] () -- E:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- E:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.06.30 22:00:57 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- E:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 13:59:40 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- E:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- E:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys -- (GPU-Z) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.06.30 22:00:57 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 22:00:57 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.07 14:11:37 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel(R) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.04.30 22:55:58 | 
002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2006.12.22 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006.12.22 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.04.17 21:29:06 | 000,569,856 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2005.12.22 22:25:10 | 000,006,861 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys) DRV - [2005.11.30 20:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.06.09 06:03:30 | 001,383,104 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\cmudau.sys -- (cmudau) DRV - [2004.05.17 16:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\TOSRFEC.SYS -- (tosrfec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html" FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312 FF - 
prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: E:\Programme\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: E:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.21 16:29:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.03.16 22:21:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2012.02.13 01:31:05 | 000,000,000 | ---D | M] [2011.02.21 05:02:17 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Extensions [2012.03.16 23:05:32 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\extensions [2012.03.16 23:05:32 | 000,000,000 | ---D | M] (Fast Dial) -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\extensions\fastdial@telega.phpnet.us [2012.03.20 22:28:32 | 000,001,056 | ---- | M] () -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\searchplugins\icqplugin.xml [2012.02.13 01:31:11 | 000,000,000 | ---D | M] (No name found) -- E:\Programme\Mozilla Firefox\extensions [2011.10.11 21:01:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- E:\DOKUMENTE UND EINSTELLUNGEN\HOUSEMAUS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OETLMWPW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.03.16 22:21:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Programme\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- E:\Programme\mozilla firefox\plugins\npwachk.dll [2012.03.16 22:21:07 | 000,001,392 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.16 22:21:07 | 000,002,252 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.16 22:21:07 | 000,001,153 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.16 22:21:07 | 000,006,805 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.16 22:21:07 | 000,001,178 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.16 22:21:06 | 000,001,105 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = E:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = E:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = E:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = E:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) 
= E:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Winamp Application Detector (Enabled) = E:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = E:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Harmony Firefox Plugin (Enabled) = E:\Programme\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = E:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Veetle TV Player (Enabled) = E:\Programme\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = E:\Programme\Veetle\plugins\npVeetle.dll CHR - plugin: iTunes Application Detector (Enabled) = E:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2011.02.21 19:54:18 | 000,001,017 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - 
Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Adobe ARM] E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] E:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] E:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe () O4 - HKU\S-1-5-21-854245398-1897051121-725345543-1004..\Run: [SkypePM] E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9939520-DC2F-4964-AB9C-F00C5D61DBA4}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.02.14 22:33:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Monitor.lnk - E:\Programme\TOSHIBA\Bluetooth Monitor\BtMon2.exe - (TOSHIBA) MsConfig - StartUpFolder: E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk - E:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech) MsConfig - StartUpFolder: E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk - E:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: ICQ - hkey= - key= - E:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - E:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - E:\Programme\Logitech\Logitech WebCam Software\LWS.exe () MsConfig - StartUpReg: MSMSGS - hkey= - key= - E:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: msnmsgr - hkey= - key= - E:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig - StartUpReg: Skype - hkey= - key= - E:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Steam - hkey= - key= - E:\Programme\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: 
{4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe ActiveX: 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\WINDOWS\system32\rundll32.exe" "E:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - E:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) 
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.26 21:37:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Housemaus\Desktop\OTL.exe [2012.03.25 22:34:52 | 000,000,000 | ---D | C] -- E:\Programme\ESET [2012.03.25 20:47:34 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.03.25 20:47:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys [2012.03.25 20:47:33 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.03.25 20:47:32 | 000,000,000 | ---D | C] -- E:\Programme\Malwarebytes' Anti-Malware [2012.03.17 19:54:17 | 000,000,000 | ---D | C] -- E:\Programme\Gameforge [2012.03.17 19:54:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Gameforge [2012.03.17 18:44:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\XPSViewer [2012.03.17 18:44:30 | 000,000,000 | ---D | C] -- E:\Programme\MSBuild [2012.03.17 18:44:28 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\en-US [2012.03.17 18:44:21 | 000,000,000 | ---D | C] -- E:\Programme\Reference Assemblies [2012.03.17 18:43:41 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Housemaus\Desktop\Neuer Ordner [2012.03.16 23:22:08 | 000,000,000 | R-SD | C] -- E:\WINDOWS\assembly [2012.03.16 23:21:32 | 000,000,000 | ---D | C] -- E:\WINDOWS\Microsoft.NET [2012.02.29 17:57:10 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Google [2012.02.29 17:54:59 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2012.02.26 17:54:00 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Lokale 
Einstellungen\Anwendungsdaten\Google [2012.02.26 17:49:13 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2012.02.26 17:48:55 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Google [2012.02.26 17:48:51 | 000,000,000 | ---D | C] -- E:\Programme\Google [5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] [1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.26 21:37:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Housemaus\Desktop\OTL.exe [2012.03.26 21:33:05 | 000,201,859 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml [2012.03.26 21:33:03 | 000,001,092 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.26 21:33:00 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat [2012.03.26 21:29:12 | 000,001,324 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat [2012.03.26 21:25:31 | 000,449,044 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat [2012.03.26 21:25:31 | 000,432,690 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat [2012.03.26 21:25:31 | 000,080,306 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat [2012.03.26 21:25:31 | 000,067,646 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat [2012.03.25 20:47:34 | 000,000,756 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.25 00:38:28 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl [2012.03.23 02:04:00 | 000,001,096 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.17 19:54:17 | 000,001,930 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\AION Free-To-Play.lnk [2012.03.17 18:51:33 | 000,127,704 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT [2012.03.15 00:06:11 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK [2012.03.07 12:41:21 | 
000,020,228 | -H-- | M] () -- E:\WINDOWS\System32\mlfcache.dat [5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] [1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.25 20:47:34 | 000,000,756 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.17 19:54:17 | 000,001,930 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\AION Free-To-Play.lnk [2012.02.29 17:54:08 | 000,001,096 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.29 17:54:06 | 000,001,092 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.16 20:49:45 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll [2011.08.14 16:48:22 | 000,020,228 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat [2011.07.23 14:57:50 | 000,004,608 | ---- | C] () -- E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.28 23:39:01 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat [2011.02.22 01:34:29 | 000,000,586 | ---- | C] () -- E:\WINDOWS\hpomdl44.dat.temp [2011.02.21 21:54:43 | 000,064,950 | ---- | C] () -- E:\WINDOWS\War3Unin.dat [2011.02.21 20:07:07 | 000,241,664 | R--- | C] () -- E:\WINDOWS\System32\cmdrvrmu.exe [2011.02.21 20:07:07 | 000,045,056 | R--- | C] () -- E:\WINDOWS\System32\cmdrvrmu.dll [2011.02.21 20:06:44 | 000,040,960 | R--- | C] () -- E:\WINDOWS\CmiUSB2Uninstall.exe [2011.02.21 20:06:42 | 000,004,911 | R--- | C] () -- E:\WINDOWS\Cmudau.ini [2011.02.21 16:21:00 | 000,181,880 | ---- | C] () -- E:\WINDOWS\hpoins44.dat [2011.02.21 16:21:00 | 000,000,586 | ---- | C] () -- E:\WINDOWS\hpomdl44.dat [2011.02.21 05:02:12 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat [2011.02.21 03:34:32 | 000,001,324 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat [2011.02.21 03:14:44 | 000,012,402 | R--- | C] () -- 
E:\WINDOWS\HWSetupStr.ini [2011.02.21 03:14:44 | 000,002,182 | R--- | C] () -- E:\WINDOWS\SVPW32Str.ini [2011.02.21 03:11:11 | 000,049,152 | ---- | C] () -- E:\WINDOWS\System32\TosBthSupport.dll [2011.02.21 02:48:02 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat [2011.02.21 02:44:09 | 000,021,740 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat [2011.02.21 02:37:39 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI [2011.02.21 02:36:34 | 000,127,704 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.02.21 05:24:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2011.08.14 16:46:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.03.22 17:52:00 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\ICQ [2011.07.15 23:38:04 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Leadertech [2011.02.21 22:55:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\LolClient [2011.02.23 21:37:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\OpenOffice.org [2011.02.26 07:15:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\TS3Client ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.06.23 16:51:03 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Adobe [2011.11.16 16:27:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Apple Computer [2011.02.21 05:01:37 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Avira [2012.02.29 17:57:10 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Google [2011.06.25 20:46:59 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\HP [2012.03.10 15:52:27 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\HPAppData [2012.03.22 17:52:00 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\ICQ [2011.02.21 02:51:07 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Identities [2011.08.07 02:55:42 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\InstallShield [2011.07.15 23:38:04 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Leadertech [2011.08.07 02:57:22 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Logitech [2011.02.21 22:55:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\LolClient [2011.02.21 19:30:56 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Macromedia [2012.01.20 19:27:47 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Microsoft [2011.02.21 05:02:17 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Mozilla [2011.02.23 21:37:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\OpenOffice.org [2012.03.17 02:22:25 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Skype [2011.07.26 16:59:05 | 
000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\skypePM [2011.02.22 00:08:13 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Sun [2011.02.26 07:15:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\TS3Client [2012.03.23 00:20:49 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\vlc [2011.05.20 17:13:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Winamp [2011.02.21 05:23:05 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\WinRAR [2011.02.22 01:37:53 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Housemaus\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\Driver 
Cache\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2002.08.29 04:52:58 | 010,180,476 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\system32\eventlog.dll [2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\system32\netlogon.dll [2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft 
Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\system32\scecli.dll [2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- E:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\system32\userinit.exe [2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- E:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- E:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- E:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- E:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- 
E:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\dllcache\ws2ifsl.sys [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.02.21 03:35:45 | 000,094,208 | ---- | M] () -- E:\WINDOWS\System32\config\default.sav [2011.02.21 03:35:45 | 000,606,208 | ---- | M] () -- E:\WINDOWS\System32\config\software.sav [2011.02.21 03:35:45 | 000,413,696 | ---- | M] () -- E:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ] < > < End of report > Code:
OTL Extras logfile created on: 26.03.2012 21:39:08 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = E:\Dokumente und Einstellungen\Housemaus\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,64% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,05% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 100,00 Mb Total Space | 63,41 Mb Free Space | 63,41% Space Free | Partition Type: NTFS
Drive D: | 116,87 Gb Total Space | 54,78 Gb Free Space | 46,87% Space Free | Partition Type: NTFS
Drive E: | 69,33 Gb Total Space | 16,98 Gb Free Space | 24,50% Space Free | Partition Type: NTFS

Computer Name: MAUS | User Name: Housemaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6885:TCP" = 6885:TCP:*:Enabled:League of Legends Launcher
"6885:UDP" = 6885:UDP:*:Enabled:League of Legends Launcher
"6933:TCP" = 6933:TCP:*:Enabled:League of Legends Launcher
"6933:UDP" = 6933:UDP:*:Enabled:League of Legends Launcher
"6931:TCP" = 6931:TCP:*:Enabled:League of Legends Launcher
"6931:UDP" = 6931:UDP:*:Enabled:League of Legends Launcher
"6975:TCP" = 6975:TCP:*:Enabled:League of Legends Launcher
"6975:UDP" = 6975:UDP:*:Enabled:League of Legends Launcher
"6977:TCP" = 6977:TCP:*:Enabled:League of Legends Launcher
"6977:UDP" = 6977:UDP:*:Enabled:League of Legends Launcher
"6986:TCP" = 6986:TCP:*:Enabled:League of Legends Launcher
"6986:UDP" = 6986:UDP:*:Enabled:League of Legends Launcher
"6984:TCP" = 6984:TCP:*:Enabled:League of Legends Launcher
"6984:UDP" = 6984:UDP:*:Enabled:League of Legends Launcher
"6890:TCP" = 6890:TCP:*:Enabled:League of Legends Launcher
"6890:UDP" = 6890:UDP:*:Enabled:League of Legends Launcher
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6958:TCP" = 6958:TCP:*:Enabled:League of Legends Launcher
"6958:UDP" = 6958:UDP:*:Enabled:League of Legends Launcher
"6956:TCP" = 6956:TCP:*:Enabled:League of Legends Launcher
"6956:UDP" = 6956:UDP:*:Enabled:League of Legends Launcher
"6951:TCP" = 6951:TCP:*:Enabled:League of Legends Launcher
"6951:UDP" = 6951:UDP:*:Enabled:League of Legends Launcher
"6942:TCP" = 6942:TCP:*:Enabled:League of Legends Launcher
"6942:UDP" = 6942:UDP:*:Enabled:League of Legends Launcher
"6887:TCP" = 6887:TCP:*:Enabled:League of Legends Launcher
"6887:UDP" = 6887:UDP:*:Enabled:League of Legends Launcher
"6915:TCP" = 6915:TCP:*:Enabled:League of Legends Launcher
"6915:UDP" = 6915:UDP:*:Enabled:League of Legends Launcher
"6944:TCP" = 6944:TCP:*:Enabled:League of Legends Launcher
"6944:UDP" = 6944:UDP:*:Enabled:League of Legends Launcher
"6955:TCP" = 6955:TCP:*:Enabled:League of Legends Launcher
"6955:UDP" = 6955:UDP:*:Enabled:League of Legends Launcher
"6920:TCP" = 6920:TCP:*:Enabled:League of Legends Launcher
"6920:UDP" = 6920:UDP:*:Enabled:League of Legends Launcher
"6948:TCP" = 6948:TCP:*:Enabled:League of Legends Launcher
"6948:UDP" = 6948:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Programme\ICQ7.4\ICQ.exe" = E:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe" = E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"E:\Programme\Veetle\Player\VeetleNet.exe" = E:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\ICQ7.4\ICQ.exe" = E:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe" = E:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"E:\Riot Games\League of Legends\air\LolClient.exe" = E:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"E:\Riot Games\League of Legends\game\League of Legends.exe" = E:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\Winamp\winamp.exe" = E:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"E:\Riot Games\League of Legends\lol.launcher.exe" = E:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"E:\Programme\Logitech\Vid HD\Vid.exe" = E:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"E:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = E:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader "E:\Programme\World of Warcraft\Launcher.exe" = E:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher "E:\Programme\World of Warcraft\Launcher.patch.exe" = E:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "E:\Programme\World of Warcraft\BackgroundDownloader.exe" = E:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "E:\Programme\StarCraft II\StarCraft II.exe" = E:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher "E:\Programme\StarCraft II\Versions\Base19679\SC2.exe" = E:\Programme\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II "E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"E:\Programme\Steam\steamapps\schalker265\counter-strike\hl.exe" = E:\Programme\Steam\steamapps\schalker265\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "E:\Programme\Steam\steamapps\schalker265\counter-strike source\hl2.exe" = E:\Programme\Steam\steamapps\schalker265\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- () "E:\Programme\Veetle\Player\VeetleNet.exe" = E:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4561 Banner Remover 1.1 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth 
Plug-in "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 2 "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status 
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD-Sicherheitsmodul "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "C-Media USB Sound" = SPEED-LINK Medusa 5.1 USB "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_1179FF31" = Soft Data Fax Modem with SmartCP "ESET Online Scanner" = ESET Online Scanner v3 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 
drivers. "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "NCLauncher_GameForge" = NC Launcher (GameForge) "NVIDIA Drivers" = NVIDIA Drivers "PROSet" = Intel(R) PRO Network Connections Drivers "Shop for HP Supplies" = Shop for HP Supplies "Steam App 10" = Counter-Strike "Steam App 240" = Counter-Strike: Source "Steam App 30" = Day of Defeat "SystemRequirementsLab" = System Requirements Lab "Veetle TV" = Veetle TV "VLC media player" = VLC media player 1.1.7 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client "Warcraft III" = Warcraft III: All Products "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.03.2012 12:57:49 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. Error - 17.03.2012 13:00:03 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. 
Error - 17.03.2012 13:05:23 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. Error - 17.03.2012 13:37:56 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. Error - 17.03.2012 13:42:06 | Computer Name = MAUS | Source = MsiInstaller | ID = 11706 Description = Produkt: AION Free-To-Play -- Fehler 1706. Für das Produkt AION Free-To-Play wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "AION Free-To-Play.msi". Error - 17.03.2012 13:44:40 | Computer Name = MAUS | Source = MsiInstaller | ID = 11706 Description = Produkt: AION Free-To-Play -- Fehler 1706. Für das Produkt AION Free-To-Play wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "AION Free-To-Play.msi". Error - 17.03.2012 21:18:22 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. Error - 17.03.2012 21:20:18 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. Error - 18.03.2012 09:23:16 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. 
Error - 18.03.2012 09:54:57 | Computer Name = MAUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aion.bin, Version 2712.907.222.5354, fehlgeschlagenes Modul fmodex.dll, Version 0.4.26.5, Fehleradresse 0x000199ee. [ System Events ] Error - 25.03.2012 17:36:12 | Computer Name = MAUS | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio avipbb Fips intelppm ssmdrv Error - 25.03.2012 19:29:20 | Computer Name = MAUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 25.03.2012 19:29:33 | Computer Name = MAUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 25.03.2012 19:30:57 | Computer Name = MAUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 25.03.2012 19:44:19 | Computer Name = MAUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 26.03.2012 15:27:22 | Computer Name = MAUS | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 26.03.2012 15:27:22 | Computer Name = MAUS | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers 
fehlgeschlagen: %%5 Error - 26.03.2012 15:29:06 | Computer Name = MAUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 26.03.2012 15:30:19 | Computer Name = MAUS | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio avipbb Fips intelppm ssmdrv Error - 26.03.2012 15:31:53 | Computer Name = MAUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > |
27.03.2012, 09:48 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-854245398-1897051121-725345543-1004..\Run: [SkypePM] E:\Dokumente und Einstellungen\Housemaus\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.14 22:33:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
27.03.2012, 14:35 | #9 |
| Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "chrome://fastdial/content/fastdial.html" removed from browser.startup.homepage
Prefs.js: fastdial@telega.phpnet.us:3.4 removed from extensions.enabledItems
Prefs.js: smartwebprinting@hp.com:4.5 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
File move failed. E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-854245398-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\autoexec.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 47746106 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Housemaus
->Temp folder emptied: 1791759619 bytes
->Temporary Internet Files folder emptied: 149627094 bytes
->Java cache emptied: 54950331 bytes
->FireFox cache emptied: 47469738 bytes
->Google Chrome cache emptied: 12883064 bytes
->Flash cache emptied: 3129 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2317510 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 853855 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1158451 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5311939 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.016,00 mb

E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 03272012_151949

Files\Folders moved on Reboot...
E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.

Registry entries deleted on Reboot... |
27.03.2012, 15:35 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Set up the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!
__________________ Please always post log files in CODE tags |
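A read-only way to triage the report TDSS-Killer writes, in keeping with the advice above to skip every flagged object and review the log first. This is an added example, not part of the original post or of Kaspersky's tool; the line layout assumed is that of a TDSS-Killer 2.7 report, the function names are hypothetical, and the sample lines and MD5 values are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample. Assumed layout of a TDSS-Killer 2.7 report:
#   "<time> <thread id> <object> (<md5>) <path>"        object about to be checked
#   "<time> <thread id> <object> - ok"                   clean result
#   "<time> <thread id> <object> ( <verdict> ) - <lvl>"  flagged result
# The MD5 values and the ExampleDrv entry are placeholders, not real data.
SAMPLE_LOG = r"""
16:53:42.0937 3560 Scan started
16:53:42.0937 3560 Mode: Manual; SigCheck; TDLFS;
16:53:43.0484 3560 Abiosdsk - ok
16:53:43.0593 3560 ACPI (00000000000000000000000000000001) E:\WINDOWS\system32\DRIVERS\ACPI.sys
16:53:45.0156 3560 ACPI - ok
16:53:48.0656 3560 Bonjour Service (00000000000000000000000000000002) E:\Programme\Bonjour\mDNSResponder.exe
16:53:48.0671 3560 Bonjour Service - ok
16:53:51.0562 3560 cmudau (00000000000000000000000000000003) E:\WINDOWS\system32\drivers\cmudau.sys
16:53:51.0687 3560 cmudau ( UnsignedFile.Multi.Generic ) - warning
16:53:51.0687 3560 cmudau - detected UnsignedFile.Multi.Generic (1)
16:53:56.0968 3560 ExampleDrv (00000000000000000000000000000004) E:\WINDOWS\system32\drivers\exampledrv.sys
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
DECLARED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
CLEAN = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None      # None for entries that have no file on disk
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok", a detection name, or None if no result line
    level: Optional[str] = None    # e.g. "warning"


def parse_report(text: str) -> Dict[str, ScanObject]:
    """Join declaration and result lines into one record per scanned object."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # separators, blank lines, anything without a timestamp
        rest = line["rest"].strip()
        if (m := DECLARED.match(rest)):
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
        elif (m := FLAGGED.match(rest)):
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.verdict, obj.level = m["verdict"], m["level"]
        elif (m := CLEAN.match(rest)):
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            if obj.verdict is None:  # never let "ok" overwrite a detection
                obj.verdict = "ok"
        # header lines and the redundant "- detected ..." summary fall through
    return objects


def flagged(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects the scanner reported with anything other than 'ok'."""
    return [o for o in objects.values() if o.verdict not in (None, "ok")]


def unresolved(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects declared without a result line, e.g. when a pasted log is cut off."""
    return [o for o in objects.values() if o.verdict is None]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    for o in flagged(parsed):
        print(f"REVIEW  {o.name}: {o.verdict} [{o.level}] {o.path} md5={o.md5}")
    for o in unresolved(parsed):
        print(f"NO RESULT  {o.name}: {o.path} (log incomplete?)")
```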
27.03.2012, 16:01 | #11 |
| Code:
(bb42bb78bbbc1e83292ef26973598daf) E:\WINDOWS\system32\drivers\CHDAud.sys 16:53:57.0031 3560 HdAudAddService - ok 16:53:57.0156 3560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys 16:53:57.0250 3560 HDAudBus - ok 16:53:57.0296 3560 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 16:53:57.0390 3560 helpsvc - ok 16:53:57.0437 3560 HidServ (b35da85e60c0103f2e4104532da2f12b) E:\WINDOWS\System32\hidserv.dll 16:53:57.0546 3560 HidServ - ok 16:53:57.0593 3560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys 16:53:57.0687 3560 HidUsb - ok 16:53:57.0796 3560 hkmsvc (ed29f14101523a6e0e808107405d452c) E:\WINDOWS\System32\kmsvc.dll 16:53:57.0875 3560 hkmsvc - ok 16:53:57.0968 3560 hpn - ok 16:53:58.0125 3560 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) E:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll 16:53:58.0156 3560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 16:53:58.0156 3560 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 16:53:58.0171 3560 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) E:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll 16:53:58.0187 3560 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 16:53:58.0187 3560 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 16:53:58.0234 3560 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys 16:53:58.0406 3560 HPZid412 - ok 16:53:58.0515 3560 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16:53:58.0546 3560 HPZipr12 - ok 16:53:58.0546 3560 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys 16:53:58.0593 3560 HPZius12 - ok 16:53:58.0671 3560 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) E:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 16:53:58.0718 3560 HSFHWAZL - ok 16:53:58.0796 3560 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) E:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 16:53:58.0906 3560 HSF_DPV - ok 16:53:58.0968 
3560 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys 16:53:59.0000 3560 HTTP - ok 16:53:59.0046 3560 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) E:\WINDOWS\System32\w3ssl.dll 16:53:59.0140 3560 HTTPFilter - ok 16:53:59.0250 3560 i2omgmt - ok 16:53:59.0250 3560 i2omp - ok 16:53:59.0312 3560 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) E:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:53:59.0406 3560 i8042prt - ok 16:53:59.0515 3560 IDriverT (1cf03c69b49acb70c722df92755c0c8c) E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:53:59.0531 3560 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:53:59.0531 3560 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:53:59.0718 3560 idsvc (c01ac32dc5c03076cfb852cb5da5229c) E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:53:59.0796 3560 idsvc - ok 16:54:00.0015 3560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys 16:54:00.0109 3560 Imapi - ok 16:54:00.0203 3560 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) E:\WINDOWS\System32\imapi.exe 16:54:00.0296 3560 ImapiService - ok 16:54:00.0343 3560 ini910u - ok 16:54:00.0390 3560 IntelIde - ok 16:54:00.0453 3560 intelppm (4c7d2750158ed6e7ad642d97bffae351) E:\WINDOWS\system32\DRIVERS\intelppm.sys 16:54:00.0546 3560 intelppm - ok 16:54:00.0609 3560 ip6fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys 16:54:00.0718 3560 ip6fw - ok 16:54:00.0859 3560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:54:00.0953 3560 IpFilterDriver - ok 16:54:01.0046 3560 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys 16:54:01.0140 3560 IpInIp - ok 16:54:01.0203 3560 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys 16:54:01.0296 3560 IpNat - ok 16:54:01.0421 3560 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) 
E:\Programme\iPod\bin\iPodService.exe 16:54:01.0484 3560 iPod Service - ok 16:54:01.0546 3560 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys 16:54:01.0625 3560 IPSec - ok 16:54:01.0656 3560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys 16:54:01.0765 3560 IRENUM - ok 16:54:01.0859 3560 isapnp (6dfb88f64135c525433e87648bda30de) E:\WINDOWS\system32\DRIVERS\isapnp.sys 16:54:01.0953 3560 isapnp - ok 16:54:02.0046 3560 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) E:\Programme\Java\jre6\bin\jqs.exe 16:54:02.0062 3560 JavaQuickStarterService - ok 16:54:02.0156 3560 Kbdclass (1704d8c4c8807b889e43c649b478a452) E:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:54:02.0250 3560 Kbdclass - ok 16:54:02.0343 3560 kbdhid (b6d6c117d771c98130497265f26d1882) E:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:54:02.0437 3560 kbdhid - ok 16:54:02.0546 3560 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys 16:54:02.0640 3560 kmixer - ok 16:54:02.0765 3560 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys 16:54:02.0859 3560 KSecDD - ok 16:54:02.0906 3560 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) E:\WINDOWS\System32\srvsvc.dll 16:54:02.0953 3560 lanmanserver - ok 16:54:03.0015 3560 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) E:\WINDOWS\System32\wkssvc.dll 16:54:03.0078 3560 lanmanworkstation - ok 16:54:03.0093 3560 lbrtfdc - ok 16:54:03.0125 3560 LmHosts (636714b7d43c8d0c80449123fd266920) E:\WINDOWS\System32\lmhsvc.dll 16:54:03.0234 3560 LmHosts - ok 16:54:03.0281 3560 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) E:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 16:54:03.0281 3560 LVPr2Mon - ok 16:54:03.0406 3560 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) E:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe 16:54:03.0406 3560 LVPrcSrv - ok 16:54:03.0546 3560 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) E:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 
16:54:03.0562 3560 mdmxsdk - ok 16:54:03.0578 3560 Messenger (b7550a7107281d170ce85524b1488c98) E:\WINDOWS\System32\msgsvc.dll 16:54:03.0687 3560 Messenger - ok 16:54:03.0734 3560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys 16:54:03.0828 3560 mnmdd - ok 16:54:03.0937 3560 mnmsrvc (c2f1d365fd96791b037ee504868065d3) E:\WINDOWS\System32\mnmsrvc.exe 16:54:04.0015 3560 mnmsrvc - ok 16:54:04.0078 3560 Modem (6fb74ebd4ec57a6f1781de3852cc3362) E:\WINDOWS\system32\drivers\Modem.sys 16:54:04.0156 3560 Modem - ok 16:54:04.0187 3560 Mouclass (b24ce8005deab254c0251e15cb71d802) E:\WINDOWS\system32\DRIVERS\mouclass.sys 16:54:04.0265 3560 Mouclass - ok 16:54:04.0312 3560 mouhid (66a6f73c74e1791464160a7065ce711a) E:\WINDOWS\system32\DRIVERS\mouhid.sys 16:54:04.0406 3560 mouhid - ok 16:54:04.0437 3560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys 16:54:04.0531 3560 MountMgr - ok 16:54:04.0546 3560 mraid35x - ok 16:54:04.0562 3560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:54:04.0656 3560 MRxDAV - ok 16:54:04.0734 3560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:54:04.0765 3560 MRxSmb - ok 16:54:04.0890 3560 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) E:\WINDOWS\System32\msdtc.exe 16:54:04.0984 3560 MSDTC - ok 16:54:05.0046 3560 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys 16:54:05.0140 3560 Msfs - ok 16:54:05.0156 3560 MSIServer - ok 16:54:05.0187 3560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys 16:54:05.0281 3560 MSKSSRV - ok 16:54:05.0328 3560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:54:05.0421 3560 MSPCLOCK - ok 16:54:05.0453 3560 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys 16:54:05.0531 3560 MSPQM - ok 16:54:05.0562 3560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) 
E:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:54:05.0656 3560 mssmbios - ok 16:54:05.0750 3560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) E:\WINDOWS\system32\drivers\MSTEE.sys 16:54:05.0875 3560 MSTEE - ok 16:54:06.0000 3560 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys 16:54:06.0031 3560 Mup - ok 16:54:06.0140 3560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 16:54:06.0250 3560 NABTSFEC - ok 16:54:06.0343 3560 napagent (46bb15ae2ac7d025d6d2567b876817bd) E:\WINDOWS\System32\qagentrt.dll 16:54:06.0453 3560 napagent - ok 16:54:06.0515 3560 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys 16:54:06.0625 3560 NDIS - ok 16:54:06.0718 3560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) E:\WINDOWS\system32\DRIVERS\NdisIP.sys 16:54:06.0812 3560 NdisIP - ok 16:54:06.0843 3560 NdisTapi (0109c4f3850dfbab279542515386ae22) E:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:54:06.0875 3560 NdisTapi - ok 16:54:06.0906 3560 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:54:07.0000 3560 Ndisuio - ok 16:54:07.0046 3560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:54:07.0156 3560 NdisWan - ok 16:54:07.0218 3560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys 16:54:07.0250 3560 NDProxy - ok 16:54:07.0359 3560 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) E:\WINDOWS\system32\HPZinw12.dll 16:54:07.0375 3560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 16:54:07.0375 3560 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 16:54:07.0484 3560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys 16:54:07.0578 3560 NetBIOS - ok 16:54:07.0656 3560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys 16:54:07.0734 3560 NetBT - ok 16:54:07.0828 3560 NetDDE (8ace4251bffd09ce75679fe940e996cc) E:\WINDOWS\system32\netdde.exe 
16:54:07.0921 3560 NetDDE - ok 16:54:07.0953 3560 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) E:\WINDOWS\system32\netdde.exe 16:54:08.0031 3560 NetDDEdsdm - ok 16:54:08.0140 3560 Netlogon (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\System32\lsass.exe 16:54:08.0234 3560 Netlogon - ok 16:54:08.0281 3560 Netman (e6d88f1f6745bf00b57e7855a2ab696c) E:\WINDOWS\System32\netman.dll 16:54:08.0375 3560 Netman - ok 16:54:08.0500 3560 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:54:08.0515 3560 NetTcpPortSharing - ok 16:54:08.0968 3560 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) E:\WINDOWS\system32\DRIVERS\NETwLx32.sys 16:54:09.0671 3560 NETwLx32 - ok 16:54:09.0812 3560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys 16:54:09.0906 3560 NIC1394 - ok 16:54:10.0187 3560 Nla (f1b67b6b0751ae0e6e964b02821206a3) E:\WINDOWS\System32\mswsock.dll 16:54:10.0234 3560 Nla - ok 16:54:10.0250 3560 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys 16:54:10.0328 3560 Npfs - ok 16:54:10.0390 3560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys 16:54:10.0500 3560 Ntfs - ok 16:54:10.0546 3560 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\System32\lsass.exe 16:54:10.0625 3560 NtLmSsp - ok 16:54:10.0687 3560 NtmsSvc (56af4064996fa5bac9c449b1514b4770) E:\WINDOWS\system32\ntmssvc.dll 16:54:10.0812 3560 NtmsSvc - ok 16:54:10.0953 3560 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys 16:54:11.0046 3560 Null - ok 16:54:11.0531 3560 nv (d42fb8615e810901779294f5627364fe) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:54:12.0265 3560 nv - ok 16:54:12.0343 3560 NVSvc (755d3a2de4b05024f90430fe32ff26a5) E:\WINDOWS\system32\nvsvc32.exe 16:54:12.0359 3560 NVSvc - ok 16:54:12.0406 3560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:54:12.0515 3560 
NwlnkFlt - ok 16:54:12.0546 3560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:54:12.0656 3560 NwlnkFwd - ok 16:54:12.0718 3560 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys 16:54:12.0812 3560 ohci1394 - ok 16:54:12.0937 3560 Parport (f84785660305b9b903fb3bca8ba29837) E:\WINDOWS\system32\drivers\Parport.sys 16:54:13.0031 3560 Parport - ok 16:54:13.0078 3560 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys 16:54:13.0156 3560 PartMgr - ok 16:54:13.0234 3560 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) E:\WINDOWS\system32\drivers\ParVdm.sys 16:54:13.0343 3560 ParVdm - ok 16:54:13.0359 3560 PCI (387e8dedc343aa2d1efbc30580273acd) E:\WINDOWS\system32\DRIVERS\pci.sys 16:54:13.0453 3560 PCI - ok 16:54:13.0468 3560 PCIDump - ok 16:54:13.0500 3560 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) E:\WINDOWS\system32\DRIVERS\pciide.sys 16:54:13.0609 3560 PCIIde - ok 16:54:13.0640 3560 Pcmcia (a2a966b77d61847d61a3051df87c8c97) E:\WINDOWS\system32\DRIVERS\pcmcia.sys 16:54:13.0750 3560 Pcmcia - ok 16:54:13.0750 3560 PDCOMP - ok 16:54:13.0765 3560 PDFRAME - ok 16:54:13.0765 3560 PDRELI - ok 16:54:13.0781 3560 PDRFRAME - ok 16:54:13.0796 3560 perc2 - ok 16:54:13.0796 3560 perc2hib - ok 16:54:13.0984 3560 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) E:\WINDOWS\system32\DRIVERS\LV302V32.SYS 16:54:14.0250 3560 PID_PEPI - ok 16:54:14.0375 3560 PlugPlay (a3edbe9053889fb24ab22492472b39dc) E:\WINDOWS\system32\services.exe 16:54:14.0406 3560 PlugPlay - ok 16:54:14.0500 3560 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) E:\WINDOWS\system32\HPZipm12.dll 16:54:14.0515 3560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 16:54:14.0515 3560 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 16:54:14.0578 3560 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\System32\lsass.exe 16:54:14.0656 3560 PolicyAgent - ok 16:54:14.0687 3560 PptpMiniport 
(efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys 16:54:14.0781 3560 PptpMiniport - ok 16:54:14.0828 3560 Processor (2cb55427c58679f49ad600fccba76360) E:\WINDOWS\system32\DRIVERS\processr.sys 16:54:14.0906 3560 Processor - ok 16:54:14.0921 3560 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\system32\lsass.exe 16:54:15.0000 3560 ProtectedStorage - ok 16:54:15.0000 3560 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys 16:54:15.0109 3560 PSched - ok 16:54:15.0140 3560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys 16:54:15.0250 3560 Ptilink - ok 16:54:15.0312 3560 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys 16:54:15.0312 3560 PxHelp20 - ok 16:54:15.0328 3560 ql1080 - ok 16:54:15.0328 3560 Ql10wnt - ok 16:54:15.0343 3560 ql12160 - ok 16:54:15.0359 3560 ql1240 - ok 16:54:15.0359 3560 ql1280 - ok 16:54:15.0375 3560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys 16:54:15.0484 3560 RasAcd - ok 16:54:15.0515 3560 RasAuto (f5ba6caccdb66c8f048e867563203246) E:\WINDOWS\System32\rasauto.dll 16:54:15.0625 3560 RasAuto - ok 16:54:15.0718 3560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:54:15.0812 3560 Rasl2tp - ok 16:54:15.0921 3560 RasMan (f9a7b66ea345726edb5862a46b1eccd5) E:\WINDOWS\System32\rasmans.dll 16:54:16.0015 3560 RasMan - ok 16:54:16.0078 3560 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:54:16.0156 3560 RasPppoe - ok 16:54:16.0171 3560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys 16:54:16.0265 3560 Raspti - ok 16:54:16.0296 3560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys 16:54:16.0375 3560 Rdbss - ok 16:54:16.0406 3560 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:54:16.0515 3560 RDPCDD - ok 
16:54:16.0578 3560 RDPWD (5b3055daa788bd688594d2f5981f2a83) E:\WINDOWS\system32\drivers\RDPWD.sys 16:54:16.0593 3560 RDPWD - ok 16:54:16.0625 3560 RDSessMgr (263af18af0f3db99f574c95f284ccec9) E:\WINDOWS\system32\sessmgr.exe 16:54:16.0718 3560 RDSessMgr - ok 16:54:16.0750 3560 redbook (ed761d453856f795a7fe056e42c36365) E:\WINDOWS\system32\DRIVERS\redbook.sys 16:54:16.0859 3560 redbook - ok 16:54:16.0968 3560 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) E:\WINDOWS\System32\mprdim.dll 16:54:17.0078 3560 RemoteAccess - ok 16:54:17.0156 3560 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) E:\WINDOWS\system32\DRIVERS\rfcomm.sys 16:54:17.0234 3560 RFCOMM - ok 16:54:17.0250 3560 RpcLocator (2a02e21867497df20b8fc95631395169) E:\WINDOWS\System32\locator.exe 16:54:17.0343 3560 RpcLocator - ok 16:54:17.0421 3560 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) E:\WINDOWS\system32\rpcss.dll 16:54:17.0453 3560 RpcSs - ok 16:54:17.0515 3560 RSVP (4bdd71b4b521521499dfd14735c4f398) E:\WINDOWS\System32\rsvp.exe 16:54:17.0625 3560 RSVP - ok 16:54:17.0656 3560 SamSs (afb8261b56cba0d86aeb6df682af9785) E:\WINDOWS\system32\lsass.exe 16:54:17.0734 3560 SamSs - ok 16:54:17.0765 3560 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) E:\WINDOWS\System32\SCardSvr.exe 16:54:17.0890 3560 SCardSvr - ok 16:54:17.0953 3560 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) E:\WINDOWS\system32\schedsvc.dll 16:54:18.0046 3560 Schedule - ok 16:54:18.0140 3560 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) E:\WINDOWS\system32\DRIVERS\sdbus.sys 16:54:18.0234 3560 sdbus - ok 16:54:18.0312 3560 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys 16:54:18.0390 3560 Secdrv - ok 16:54:18.0421 3560 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) E:\WINDOWS\System32\seclogon.dll 16:54:18.0531 3560 seclogon - ok 16:54:18.0531 3560 SENS (2aac9b6ed9eddffb721d6452e34d67e3) E:\WINDOWS\system32\sens.dll 16:54:18.0625 3560 SENS - ok 16:54:18.0671 3560 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) 
E:\WINDOWS\system32\drivers\Serial.sys 16:54:18.0765 3560 Serial - ok 16:54:18.0812 3560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys 16:54:18.0906 3560 Sfloppy - ok 16:54:18.0968 3560 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) E:\WINDOWS\System32\ipnathlp.dll 16:54:19.0078 3560 SharedAccess - ok 16:54:19.0125 3560 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) E:\WINDOWS\System32\shsvcs.dll 16:54:19.0156 3560 ShellHWDetection - ok 16:54:19.0171 3560 Simbad - ok 16:54:19.0218 3560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) E:\WINDOWS\system32\DRIVERS\SLIP.sys 16:54:19.0312 3560 SLIP - ok 16:54:19.0390 3560 Sparrow - ok 16:54:19.0484 3560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys 16:54:19.0593 3560 splitter - ok 16:54:19.0671 3560 Spooler (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe 16:54:19.0718 3560 Spooler - ok 16:54:19.0781 3560 sr (50fa898f8c032796d3b1b9951bb5a90f) E:\WINDOWS\system32\DRIVERS\sr.sys 16:54:19.0859 3560 sr - ok 16:54:19.0906 3560 srservice (fe77a85495065f3ad59c5c65b6c54182) E:\WINDOWS\System32\srsvc.dll 16:54:20.0000 3560 srservice - ok 16:54:20.0062 3560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys 16:54:20.0109 3560 Srv - ok 16:54:20.0218 3560 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) E:\WINDOWS\System32\ssdpsrv.dll 16:54:20.0312 3560 SSDPSRV - ok 16:54:20.0406 3560 ssmdrv (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys 16:54:20.0406 3560 ssmdrv - ok 16:54:20.0484 3560 stisvc (bc2c5985611c5356b24aeb370953ded9) E:\WINDOWS\system32\wiaservc.dll 16:54:20.0578 3560 stisvc - ok 16:54:20.0625 3560 streamip (77813007ba6265c4b6098187e6ed79d2) E:\WINDOWS\system32\DRIVERS\StreamIP.sys 16:54:20.0718 3560 streamip - ok 16:54:20.0781 3560 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys 16:54:20.0875 3560 swenum - ok 16:54:20.0921 3560 swmidi 
(8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys 16:54:21.0000 3560 swmidi - ok 16:54:21.0015 3560 SwPrv - ok 16:54:21.0015 3560 symc810 - ok 16:54:21.0031 3560 symc8xx - ok 16:54:21.0046 3560 sym_hi - ok 16:54:21.0046 3560 sym_u3 - ok 16:54:21.0078 3560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys 16:54:21.0156 3560 sysaudio - ok 16:54:21.0218 3560 SysmonLog (2903fffa2523926d6219428040dce6b9) E:\WINDOWS\system32\smlogsvc.exe 16:54:21.0312 3560 SysmonLog - ok 16:54:21.0437 3560 TapiSrv (05903cac4b98908d55ea5774775b382e) E:\WINDOWS\System32\tapisrv.dll 16:54:21.0531 3560 TapiSrv - ok 16:54:21.0640 3560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys 16:54:21.0671 3560 Tcpip - ok 16:54:21.0703 3560 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys 16:54:21.0812 3560 TDPIPE - ok 16:54:21.0828 3560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys 16:54:21.0921 3560 TDTCP - ok 16:54:21.0937 3560 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys 16:54:22.0046 3560 TermDD - ok 16:54:22.0078 3560 TermService (b7de02c863d8f5a005a7bf375375a6a4) E:\WINDOWS\System32\termsrv.dll 16:54:22.0187 3560 TermService - ok 16:54:22.0250 3560 Themes (2db7d303c36ddd055215052f118e8e75) E:\WINDOWS\System32\shsvcs.dll 16:54:22.0250 3560 Themes - ok 16:54:22.0328 3560 tifm21 (244cfbffdefb77f3df571a8cd108fc06) E:\WINDOWS\system32\drivers\tifm21.sys 16:54:22.0359 3560 tifm21 - ok 16:54:22.0437 3560 TosIde - ok 16:54:22.0500 3560 tosrfec (cc42fdbe9760ca1639e23158ab995f98) E:\WINDOWS\system32\DRIVERS\tosrfec.sys 16:54:22.0500 3560 tosrfec ( UnsignedFile.Multi.Generic ) - warning 16:54:22.0500 3560 tosrfec - detected UnsignedFile.Multi.Generic (1) 16:54:22.0593 3560 TrkWks (626504572b175867f30f3215c04b3e2f) E:\WINDOWS\system32\trkwks.dll 16:54:22.0687 3560 TrkWks - ok 16:54:22.0781 3560 Udfs 
(5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys 16:54:22.0906 3560 Udfs - ok 16:54:22.0937 3560 UIUSys (0f90d3118d081a5c7780b2879e87a604) E:\WINDOWS\system32\DRIVERS\UIUSYS.SYS 16:54:22.0953 3560 UIUSys ( UnsignedFile.Multi.Generic ) - warning 16:54:22.0953 3560 UIUSys - detected UnsignedFile.Multi.Generic (1) 16:54:22.0968 3560 ultra - ok 16:54:23.0015 3560 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) E:\WINDOWS\system32\wdfmgr.exe 16:54:23.0062 3560 UMWdf - ok 16:54:23.0109 3560 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys 16:54:23.0218 3560 Update - ok 16:54:23.0343 3560 upnphost (1dfd8975d8c89214b98d9387c1125b49) E:\WINDOWS\System32\upnphost.dll 16:54:23.0453 3560 upnphost - ok 16:54:23.0546 3560 UPS (9b11e6118958e63e1fef129466e2bda7) E:\WINDOWS\System32\ups.exe 16:54:23.0640 3560 UPS - ok 16:54:23.0734 3560 USBAAPL (83cafcb53201bbac04d822f32438e244) E:\WINDOWS\system32\Drivers\usbaapl.sys 16:54:23.0796 3560 USBAAPL - ok 16:54:23.0921 3560 usbaudio (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys 16:54:24.0015 3560 usbaudio - ok 16:54:24.0125 3560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:54:24.0218 3560 usbccgp - ok 16:54:24.0281 3560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys 16:54:24.0375 3560 usbehci - ok 16:54:24.0500 3560 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys 16:54:24.0593 3560 usbhub - ok 16:54:24.0625 3560 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys 16:54:24.0718 3560 usbprint - ok 16:54:24.0765 3560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys 16:54:24.0875 3560 usbscan - ok 16:54:24.0968 3560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:54:25.0062 3560 USBSTOR - ok 16:54:25.0125 3560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) 
E:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:54:25.0218 3560 usbuhci - ok 16:54:25.0234 3560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys 16:54:25.0312 3560 VgaSave - ok 16:54:25.0328 3560 ViaIde - ok 16:54:25.0375 3560 VolSnap (a5a712f4e880874a477af790b5186e1d) E:\WINDOWS\system32\drivers\VolSnap.sys 16:54:25.0468 3560 VolSnap - ok 16:54:25.0625 3560 VSS (68f106273be29e7b7ef8266977268e78) E:\WINDOWS\System32\vssvc.exe 16:54:25.0718 3560 VSS - ok 16:54:25.0781 3560 W32Time (7b353059e665f8b7ad2bbeaef597cf45) E:\WINDOWS\System32\w32time.dll 16:54:25.0859 3560 W32Time - ok 16:54:25.0875 3560 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys 16:54:25.0968 3560 Wanarp - ok 16:54:25.0984 3560 WDICA - ok 16:54:26.0046 3560 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys 16:54:26.0140 3560 wdmaud - ok 16:54:26.0171 3560 WebClient (81727c9873e3905a2ffc1ebd07265002) E:\WINDOWS\System32\webclnt.dll 16:54:26.0250 3560 WebClient - ok 16:54:26.0359 3560 winachsf (307d248f97835b6879bdd361086924fe) E:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 16:54:26.0437 3560 winachsf - ok 16:54:26.0562 3560 winmgmt (6f3f3973d97714cc5f906a19fe883729) E:\WINDOWS\system32\wbem\WMIsvc.dll 16:54:26.0656 3560 winmgmt - ok 16:54:26.0781 3560 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) E:\WINDOWS\system32\MsPMSNSv.dll 16:54:26.0859 3560 WmdmPmSN - ok 16:54:26.0906 3560 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys 16:54:26.0984 3560 WmiAcpi - ok 16:54:27.0046 3560 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) E:\WINDOWS\System32\wbem\wmiapsrv.exe 16:54:27.0140 3560 WmiApSrv - ok 16:54:27.0203 3560 wscsvc (300b3e84faf1a5c1f791c159ba28035d) E:\WINDOWS\system32\wscsvc.dll 16:54:27.0296 3560 wscsvc - ok 16:54:27.0328 3560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 16:54:27.0437 3560 WSTCODEC - ok 16:54:27.0484 3560 wuauserv 
(7b4fe05202aa6bf9f4dfd0e6a0d8a085) E:\WINDOWS\system32\wuauserv.dll 16:54:27.0640 3560 wuauserv - ok 16:54:27.0781 3560 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) E:\WINDOWS\System32\wzcsvc.dll 16:54:27.0890 3560 WZCSVC - ok 16:54:27.0953 3560 xmlprov (0ada34871a2e1cd2caafed1237a47750) E:\WINDOWS\System32\xmlprov.dll 16:54:28.0093 3560 xmlprov - ok 16:54:28.0125 3560 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 16:54:28.0453 3560 \Device\Harddisk0\DR0 - ok 16:54:28.0453 3560 Boot (0x1200) (b1d4a029eeaf372def580d6fe4053304) \Device\Harddisk0\DR0\Partition0 16:54:28.0453 3560 \Device\Harddisk0\DR0\Partition0 - ok 16:54:28.0484 3560 Boot (0x1200) (fa7f1fbb267de3e0ec00bede3d307c68) \Device\Harddisk0\DR0\Partition1 16:54:28.0484 3560 \Device\Harddisk0\DR0\Partition1 - ok 16:54:28.0500 3560 Boot (0x1200) (8ccead1c397e96bb542788c54ac50910) \Device\Harddisk0\DR0\Partition2 16:54:28.0500 3560 \Device\Harddisk0\DR0\Partition2 - ok 16:54:28.0500 3560 ============================================================ 16:54:28.0500 3560 Scan finished 16:54:28.0500 3560 ============================================================ 16:54:28.0640 1876 Detected object count: 8 16:54:28.0640 1876 Actual detected object count: 8 16:58:30.0890 1876 cmudau ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0890 1876 cmudau ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0890 1876 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0890 1876 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0890 1876 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0890 1876 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0890 1876 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0890 1876 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0906 1876 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0906 1876 
Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0906 1876 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0906 1876 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0906 1876 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0906 1876 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:58:30.0906 1876 UIUSys ( UnsignedFile.Multi.Generic ) - skipped by user 16:58:30.0906 1876 UIUSys ( UnsignedFile.Multi.Generic ) - User select action: Skip |
27.03.2012, 18:58 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ virus is blocking my Windows XP, as it has for other users Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
27.03.2012, 23:20 | #13 |
| 50€ virus is blocking my Windows XP, as it has for other users Code:
ATTFilter ComboFix 12-03-27.03 - Housemaus 28.03.2012 0:08.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2046.1376 [GMT 2:00] ausgeführt von:: e:\dokumente und einstellungen\Housemaus\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . D:\install.exe e:\windows\EventSystem.log e:\windows\IsUn0407.exe e:\windows\system32\dllcache\dlimport.exe e:\windows\system32\dllcache\wmpvis.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-27 bis 2012-03-27 )))))))))))))))))))))))))))))) . . 2012-03-27 13:19 . 2012-03-27 13:19 -------- d-----w- E:\_OTL 2012-03-26 23:40 . 2012-03-26 23:40 -------- d-----w- e:\dokumente und einstellungen\Housemaus\Anwendungsdaten\Avira 2012-03-26 23:37 . 2012-01-31 06:56 74640 ----a-w- e:\windows\system32\drivers\avgntflt.sys 2012-03-26 23:37 . 2012-01-31 06:56 137416 ----a-w- e:\windows\system32\drivers\avipbb.sys 2012-03-26 23:37 . 2011-09-16 14:08 36000 ----a-w- e:\windows\system32\drivers\avkmgr.sys 2012-03-26 23:37 . 2012-03-26 23:37 -------- d-----w- e:\programme\Avira 2012-03-26 23:37 . 2012-03-26 23:37 -------- d-----w- e:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2012-03-25 20:34 . 2012-03-25 20:34 -------- d-----w- e:\programme\ESET 2012-03-25 18:47 . 2012-03-25 18:47 -------- d-----w- e:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-03-25 18:47 . 2011-12-10 13:24 20464 ----a-w- e:\windows\system32\drivers\mbam.sys 2012-03-25 18:47 . 2012-03-25 18:47 -------- d-----w- e:\programme\Malwarebytes' Anti-Malware 2012-03-25 16:43 . 2012-03-25 18:45 -------- d-----w- e:\dokumente und einstellungen\Administrator 2012-03-17 17:54 . 2012-03-17 17:54 -------- d-----w- e:\programme\Gameforge 2012-03-17 16:44 . 2012-03-17 16:44 -------- d-----w- e:\windows\system32\XPSViewer 2012-03-17 16:44 . 
2012-03-17 16:44 -------- d-----w- e:\programme\MSBuild 2012-03-17 16:44 . 2012-03-17 16:44 -------- d-----w- e:\programme\Reference Assemblies 2012-03-17 16:44 . 2008-07-06 12:06 89088 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2012-03-17 16:43 . 2008-07-06 12:06 117760 ------w- e:\windows\system32\prntvpt.dll 2012-03-17 16:43 . 2008-07-06 12:06 89088 -c----w- e:\windows\system32\dllcache\filterpipelineprintproc.dll 2012-03-17 16:43 . 2008-07-06 12:06 575488 -c----w- e:\windows\system32\dllcache\xpsshhdr.dll 2012-03-17 16:43 . 2008-07-06 12:06 575488 ------w- e:\windows\system32\xpsshhdr.dll 2012-03-17 16:43 . 2008-07-06 10:50 597504 -c----w- e:\windows\system32\dllcache\printfilterpipelinesvc.exe 2012-03-17 16:43 . 2008-07-06 10:50 597504 ------w- e:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2012-03-17 16:43 . 2008-07-06 12:06 1676288 -c----w- e:\windows\system32\dllcache\xpssvcs.dll 2012-03-17 16:43 . 2008-07-06 12:06 1676288 ------w- e:\windows\system32\xpssvcs.dll 2012-03-16 21:26 . 2007-03-15 15:57 443752 ----a-w- e:\windows\system32\d3dx10_33.dll 2012-03-16 20:21 . 2012-03-16 20:21 592824 ----a-w- e:\programme\Mozilla Firefox\gkmedias.dll 2012-03-16 20:21 . 2012-03-16 20:21 44472 ----a-w- e:\programme\Mozilla Firefox\mozglue.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-03 09:57 . 2003-04-02 12:00 1860224 ----a-w- e:\windows\system32\win32k.sys 2012-01-11 19:06 . 2012-02-16 18:49 3072 ------w- e:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2011-02-21 00:43 139784 ----a-w- e:\windows\system32\drivers\rdpwd.sys 2012-03-16 20:21 . 2012-02-12 23:31 97208 ----a-w- e:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952] "HP Software Update"="e:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "nwiz"="nwiz.exe" [2009-01-30 1657376] "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-01-30 13594624] "Adobe ARM"="e:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="e:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ HP Digital Imaging Monitor.lnk - e:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKLM\~\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Monitor.lnk] path=e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Monitor.lnk backup=e:\windows\pss\Bluetooth Monitor.lnkCommon Startup . [HKLM\~\startupfolder\E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk] path=e:\dokumente und einstellungen\Housemaus\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk backup=e:\windows\pss\Logitech . Produktregistrierung.lnkStartup . [HKLM\~\startupfolder\E:^Dokumente und Einstellungen^Housemaus^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk] path=e:\dokumente und einstellungen\Housemaus\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk backup=e:\windows\pss\OpenOffice.org 3.3.lnkStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-02-21 03:23 119608 ----a-w- e:\programme\ICQ7.4\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-11-12 23:24 421736 ----a-w- e:\programme\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 11:36 2793304 ----a-w- e:\programme\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 06:52 1695232 ------w- e:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- e:\programme\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-09-26 07:49 17353352 ----a-r- e:\programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-08-26 23:37 1242448 ----a-w- e:\programme\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 13:49 249064 ----a-w- e:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\Programme\\ICQ7.4\\ICQ.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "e:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"= "e:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "e:\\Programme\\Steam\\Steam.exe"= "e:\\Programme\\Winamp\\winamp.exe"= "e:\\Riot Games\\League of Legends\\lol.launcher.exe"= "e:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "e:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Programme\\Logitech\\Vid HD\\Vid.exe"= "e:\\Programme\\Skype\\Phone\\Skype.exe"= "e:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "e:\\Programme\\Bonjour\\mDNSResponder.exe"= "e:\\Programme\\iTunes\\iTunes.exe"= "e:\\Programme\\Steam\\steamapps\\schalker265\\counter-strike\\hl.exe"= "e:\\Programme\\Steam\\steamapps\\schalker265\\counter-strike source\\hl2.exe"= "e:\\Programme\\Veetle\\Player\\VeetleNet.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6885:TCP"= 6885:TCP:League of Legends Launcher "6885:UDP"= 6885:UDP:League of Legends Launcher "6933:TCP"= 6933:TCP:League of Legends Launcher "6933:UDP"= 6933:UDP:League of Legends Launcher "6931:TCP"= 6931:TCP:League of Legends Launcher "6931:UDP"= 6931:UDP:League of Legends Launcher "6975:TCP"= 6975:TCP:League of Legends Launcher "6975:UDP"= 6975:UDP:League of Legends Launcher "6977:TCP"= 6977:TCP:League of Legends Launcher "6977:UDP"= 6977:UDP:League of Legends Launcher "6986:TCP"= 6986:TCP:League of Legends Launcher "6986:UDP"= 6986:UDP:League of Legends Launcher "6984:TCP"= 6984:TCP:League of Legends Launcher "6984:UDP"= 6984:UDP:League of Legends Launcher "6890:TCP"= 6890:TCP:League of Legends Launcher "6890:UDP"= 6890:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6958:TCP"= 6958:TCP:League of Legends Launcher "6958:UDP"= 6958:UDP:League of Legends Launcher "6956:TCP"= 6956:TCP:League of Legends Launcher "6956:UDP"= 6956:UDP:League of Legends Launcher "6951:TCP"= 6951:TCP:League of Legends Launcher "6951:UDP"= 6951:UDP:League of Legends Launcher "6942:TCP"= 6942:TCP:League of Legends Launcher "6942:UDP"= 6942:UDP:League of Legends Launcher "6887:TCP"= 6887:TCP:League of Legends Launcher "6887:UDP"= 6887:UDP:League of Legends Launcher "6915:TCP"= 6915:TCP:League of Legends Launcher "6915:UDP"= 6915:UDP:League of Legends Launcher "6944:TCP"= 6944:TCP:League of Legends Launcher "6944:UDP"= 6944:UDP:League of Legends Launcher "6955:TCP"= 6955:TCP:League of Legends Launcher "6955:UDP"= 6955:UDP:League of Legends Launcher "6920:TCP"= 6920:TCP:League of Legends Launcher "6920:UDP"= 6920:UDP:League of Legends Launcher "6948:TCP"= 6948:TCP:League of Legends Launcher "6948:UDP"= 6948:UDP:League of 
Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client . R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [27.03.2012 01:37 36000] R2 AntiVirSchedulerService;Avira Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [27.03.2012 01:37 86224] R3 NETwLx32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;e:\windows\system32\drivers\NETwLx32.sys [21.02.2011 03:08 6609920] S2 gupdate;Google Update-Dienst (gupdate);e:\programme\Google\Update\GoogleUpdate.exe [29.02.2012 17:54 136176] S3 GPU-Z;GPU-Z;\??\e:\dokume~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys --> e:\dokume~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys [?] S3 gupdatem;Google Update-Dienst (gupdatem);e:\programme\Google\Update\GoogleUpdate.exe [29.02.2012 17:54 136176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-01-23 e:\windows\Tasks\AppleSoftwareUpdate.job - e:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job - e:\programme\Google\Update\GoogleUpdate.exe [2012-02-29 15:53] . 2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job - e:\programme\Google\Update\GoogleUpdate.exe [2012-02-29 15:53] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - e:\programme\ICQ7.4\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - e:\dokumente und einstellungen\Housemaus\Anwendungsdaten\Mozilla\Firefox\Profiles\oetlmwpw.default\ FF - prefs.js: browser.search.selectedEngine - Google . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-CmUsbSound - cmcnfgu.cpl MSConfigStartUp-QuickTime Task - e:\programme\QuickTime\QTTask.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-03-28 00:14 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-03-28 00:16:29 ComboFix-quarantined-files.txt 2012-03-27 22:16 . Vor Suchlauf: 8 Verzeichnis(se), 20.067.778.560 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 20.020.404.224 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe ; This boot.ini was automatically generated by NeoSmart Technologies' BootGrabber.exe ; Use EasyBCD from hxxp://neosmart.net/dl.php?id=1 to manage your bootloader [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows XP on E:\" /fastdetect . - - End Of File - - 5BD6BFBCDB1B157FB2B13E100D2D9A7F |
28.03.2012, 10:58 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ virus is blocking my Windows XP, as it has for other users Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
28.03.2012, 16:36 | #15 |
| 50€ virus is blocking my Windows XP, as it has for other users Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-03-28 17:35:37 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2200BT_PL rev.00400051 Running: mx4xxogf.exe; Driver: E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\pxtdypoc.sys ---- System - GMER 1.0.15 ---- SSDT F7A5C4A4 ZwClose SSDT F7A5C45E ZwCreateKey SSDT F7A5C4AE ZwCreateSection SSDT F7A5C454 ZwCreateThread SSDT F7A5C463 ZwDeleteKey SSDT F7A5C46D ZwDeleteValueKey SSDT F7A5C49F ZwDuplicateObject SSDT F7A5C472 ZwLoadKey SSDT F7A5C440 ZwOpenProcess SSDT F7A5C445 ZwOpenThread SSDT F7A5C4C7 ZwQueryValueKey SSDT F7A5C47C ZwReplaceKey SSDT F7A5C4B8 ZwRequestWaitReplyPort SSDT F7A5C477 ZwRestoreKey SSDT F7A5C4B3 ZwSetContextThread SSDT F7A5C4BD ZwSetSecurityObject SSDT F7A5C468 ZwSetValueKey SSDT F7A5C4C2 ZwSystemDebugControl SSDT F7A5C44F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7814360, 0x33AACD, 0xE8000020] init E:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB7162EBF] ---- User code sections - GMER 1.0.15 ---- .text E:\Programme\Mozilla Firefox\firefox.exe[3840] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 01219720 E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programme\Mozilla Firefox\firefox.exe[3840] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E21B E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programme\Mozilla Firefox\firefox.exe[3840] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E1F4 E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programme\Mozilla Firefox\firefox.exe[3840] GDI32.dll!CreateDIBSection 77EF9E19 5 Bytes JMP 0144E17E E:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01952F20] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera 
Helper Library./Logitech Inc.) IAT E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01952C90] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01952CF0] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT E:\WINDOWS\Explorer.EXE[244] @ E:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01952CC0] E:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037ad38903 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00037ad38903 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:43:14 on 28.03.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - E:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - E:\WINDOWS\system32\FlashPlayerCPLApp.cpl "HWSETUP.CPL" - "TOSHIBA Corp." - E:\WINDOWS\system32\HWSETUP.CPL "infocardcpl.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - E:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\PhysX.cpl "ToshSrv.cpl" - ? 
- E:\WINDOWS\system32\ToshSrv.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Cmcplsu" - "C-Media Corporation" - E:\WINDOWS\System\cmcnfgu.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avkmgr.sys "Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - E:\WINDOWS\System32\DRIVERS\tosrfec.sys "C-Media USB Sound Interface" (cmudau) - "C-Media Inc" - E:\WINDOWS\System32\drivers\cmudau.sys "catchme" (catchme) - ? - E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - E:\WINDOWS\system32\drivers\Changer.sys (File not found) "Conexant Setup API" (UIUSys) - "Conexant Systems, Inc" - E:\WINDOWS\System32\DRIVERS\UIUSYS.SYS "GPU-Z" (GPU-Z) - ? - E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\GPU-Z.sys (File not found) "i2omgmt" (i2omgmt) - ? - E:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - E:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - E:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - E:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - E:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - E:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - E:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - E:\WINDOWS\System32\Drivers\PxHelp20.sys "pxtdypoc" (pxtdypoc) - ? - E:\DOKUME~1\HOUSEM~1\LOKALE~1\Temp\pxtdypoc.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? 
- E:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - E:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - E:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - E:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - E:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - E:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - E:\WINDOWS\system32\Macromed\Flash\Flash10m.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." 
- E:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "ICQ7.4" - "ICQ, LLC." - E:\Programme\ICQ7.4\ICQ.exe {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - E:\Dokumente und Einstellungen\Housemaus\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." 
- "E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "HP Software Update" - "Hewlett-Packard" - E:\Programme\HP\HP Software Update\HPWuSchd2.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - E:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found) "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - E:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - E:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - E:\Programme\Bonjour\mDNSResponder.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - E:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- E:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jqs.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - E:\WINDOWS\system32\HPZinw12.dll "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - E:\WINDOWS\system32\HPZipm12.dll "Process Monitor" (LVPrcSrv) - "Logitech Inc." - E:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - E:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 17:44:43
-----------------------------
17:44:43.750 OS Version: Windows 5.1.2600 Service Pack 3
17:44:43.750 Number of processors: 2 586 0xF06
17:44:43.750 ComputerName: MAUS UserName:
17:44:44.140 Initialize success
17:47:22.750 AVAST engine defs: 12032801
17:49:27.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:49:27.593 Disk 0 Vendor: FUJITSU_MHV2200BT_PL 00400051 Size: 190782MB BusType: 3
17:49:28.703 Disk 0 MBR read successfully
17:49:28.703 Disk 0 MBR scan
17:49:28.765 Disk 0 Windows XP default MBR code
17:49:28.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:49:28.812 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119680 MB offset 206848
17:49:28.859 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 70999 MB offset 245311488
17:49:28.890 Disk 0 scanning sectors +390717440
17:49:29.125 Disk 0 scanning E:\WINDOWS\system32\drivers
17:50:12.546 Service scanning
17:50:31.515 Modules scanning
17:51:12.562 Disk 0 trace - called modules:
17:51:12.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:51:12.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a434ab8]
17:51:12.609 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a4383b8]
17:51:12.609 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a47e940]
17:51:12.953 AVAST engine scan E:\WINDOWS
17:52:00.218 AVAST engine scan E:\WINDOWS\system32
18:00:15.046 AVAST engine scan E:\WINDOWS\system32\drivers
18:01:18.015 AVAST engine scan E:\Dokumente und Einstellungen\Housemaus
18:01:59.125 Disk 0 MBR has been saved successfully to "E:\Dokumente und Einstellungen\Housemaus\Desktop\MBR.dat"
18:01:59.125 The log file has been saved successfully to "E:\Dokumente und Einstellungen\Housemaus\Desktop\aswMBR.txt" |